!18 update to 8.2p1

Merge pull request !18 from yu_boyun/master
2020-07-29 15:54:16 +08:00 · 2020-07-29 15:54:16 +08:00 · 6992315208
commit 6992315208
parent 2a0102b834 ef3d61f407
99 changed files with 10226 additions and 17477 deletions
--- a/CVE-2019-16905.patch
+++ b/CVE-2019-16905.patch
@ -1,37 +0,0 @@
 From a546b17bbaeb12beac4c9aeed56f74a42b18a93a Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Wed, 9 Oct 2019 00:02:57 +0000
 Subject: [PATCH] upstream: fix integer overflow in XMSS private key parsing.
 Reported by Adam Zabrocki via SecuriTeam's SSH program.
 Note that this code is experimental and not compiled by default.
 ok markus@
 OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
 ---
 sshkey-xmss.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 diff --git a/sshkey-xmss.c b/sshkey-xmss.c
 index a29e33f39..9e5f5e475 100644
 --- a/sshkey-xmss.c
 +++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */
 +/* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */
 /*
  * Copyright (c) 2017 Markus Friedl.  All rights reserved.
  *
@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded,
 		goto out;
 	}
 	/* check that an appropriate amount of auth data is present */
 -	if (sshbuf_len(encoded) < encrypted_len + authlen) {
 +	if (sshbuf_len(encoded) < authlen ||
 +	    sshbuf_len(encoded) - authlen < encrypted_len) {
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
--- a/CVE-2019-6109-1.patch
+++ b/CVE-2019-6109-1.patch
@ -1,270 +0,0 @@
 From 8976f1c4b2721c26e878151f52bdf346dfe2d54c Mon Sep 17 00:00:00 2001
 From: "dtucker@openbsd.org" <dtucker@openbsd.org>
 Date: Wed, 23 Jan 2019 08:01:46 +0000
 Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we
 move
 the progressmeter formatting outside of signal handler context and have the
 atomicio callback called for EINTR too.  bz#2434 with contributions from djm
 and jjelen at redhat.com, ok djm@
 OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
 ---
 atomicio.c      | 20 ++++++++++++++-----
 progressmeter.c | 53 ++++++++++++++++++++++---------------------------
 progressmeter.h |  3 ++-
 scp.c           |  3 ++-
 sftp-client.c   | 18 +++++++++--------
 5 files changed, 53 insertions(+), 44 deletions(-)
 diff --git a/atomicio.c b/atomicio.c
 index cffa9fa7d..845b328ee 100644
 --- a/atomicio.c
 +++ b/atomicio.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
 +/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */
 /*
  * Copyright (c) 2006 Damien Miller. All rights reserved.
  * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
@@ -67,9 +67,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
 		res = (f) (fd, s + pos, n - pos);
 		switch (res) {
 		case -1:
 -			if (errno == EINTR)
 +			if (errno == EINTR) {
 +				/* possible SIGALARM, update callback */
 +				if (cb != NULL && cb(cb_arg, 0) == -1) {
 +					errno = EINTR;
 +					return pos;
 +				}
 				continue;
 -			if (errno == EAGAIN || errno == EWOULDBLOCK) {
 +			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
 #ifndef BROKEN_READ_COMPARISON
 				(void)poll(&pfd, 1, -1);
 #endif
@@ -124,9 +129,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
 		res = (f) (fd, iov, iovcnt);
 		switch (res) {
 		case -1:
 -			if (errno == EINTR)
 +			if (errno == EINTR) {
 +				/* possible SIGALARM, update callback */
 +				if (cb != NULL && cb(cb_arg, 0) == -1) {
 +					errno = EINTR;
 +					return pos;
 +				}
 				continue;
 -			if (errno == EAGAIN || errno == EWOULDBLOCK) {
 +			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
 #ifndef BROKEN_READV_COMPARISON
 				(void)poll(&pfd, 1, -1);
 #endif
 diff --git a/progressmeter.c b/progressmeter.c
 index fe9bf52e4..add462dde 100644
 --- a/progressmeter.c
 +++ b/progressmeter.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */
 +/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */
 /*
  * Copyright (c) 2003 Nils Nordman.  All rights reserved.
  *
@@ -31,6 +31,7 @@
 #include <errno.h>
 #include <signal.h>
 +#include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
@@ -39,6 +40,7 @@
 #include "progressmeter.h"
 #include "atomicio.h"
 #include "misc.h"
 +#include "utf8.h"
 #define DEFAULT_WINSIZE 80
 #define MAX_WINSIZE 512
@@ -61,7 +63,7 @@ static void setscreensize(void);
 void refresh_progress_meter(void);
 /* signal handler for updating the progress meter */
 -static void update_progress_meter(int);
 +static void sig_alarm(int);
 static double start;		/* start progress */
 static double last_update;	/* last progress update */
@@ -74,6 +76,7 @@ static long stalled;		/* how long we have been stalled */
 static int bytes_per_second;	/* current speed in bytes per second */
 static int win_size;		/* terminal window size */
 static volatile sig_atomic_t win_resized; /* for window resizing */
 +static volatile sig_atomic_t alarm_fired;
 /* units for format_size */
 static const char unit[] = " KMGT";
@@ -126,9 +129,17 @@ refresh_progress_meter(void)
 	off_t bytes_left;
 	int cur_speed;
 	int hours, minutes, seconds;
 -	int i, len;
 	int file_len;
 +	if ((!alarm_fired && !win_resized) || !can_output())
 +		return;
 +	alarm_fired = 0;
 +
 +	if (win_resized) {
 +		setscreensize();
 +		win_resized = 0;
 +	}
 +
 	transferred = *counter - (cur_pos ? cur_pos : start_pos);
 	cur_pos = *counter;
 	now = monotime_double();
@@ -158,16 +169,11 @@ refresh_progress_meter(void)
 	/* filename */
 	buf[0] = '\0';
 -	file_len = win_size - 35;
 +	file_len = win_size - 36;
 	if (file_len > 0) {
 -		len = snprintf(buf, file_len + 1, "\r%s", file);
 -		if (len < 0)
 -			len = 0;
 -		if (len >= file_len + 1)
 -			len = file_len;
 -		for (i = len; i < file_len; i++)
 -			buf[i] = ' ';
 -		buf[file_len] = '\0';
 +		buf[0] = '\r';
 +		snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s",
 +		    file_len * -1, file);
 	}
 	/* percent of transfer done */
@@ -228,22 +234,11 @@ refresh_progress_meter(void)
 /*ARGSUSED*/
 static void
 -update_progress_meter(int ignore)
 +sig_alarm(int ignore)
 {
 -	int save_errno;
 -
 -	save_errno = errno;
 -
 -	if (win_resized) {
 -		setscreensize();
 -		win_resized = 0;
 -	}
 -	if (can_output())
 -		refresh_progress_meter();
 -
 -	signal(SIGALRM, update_progress_meter);
 +	signal(SIGALRM, sig_alarm);
 +	alarm_fired = 1;
 	alarm(UPDATE_INTERVAL);
 -	errno = save_errno;
 }
 void
@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
 	bytes_per_second = 0;
 	setscreensize();
 -	if (can_output())
 -		refresh_progress_meter();
 +	refresh_progress_meter();
 -	signal(SIGALRM, update_progress_meter);
 +	signal(SIGALRM, sig_alarm);
 	signal(SIGWINCH, sig_winch);
 	alarm(UPDATE_INTERVAL);
 }
@@ -286,6 +280,7 @@ stop_progress_meter(void)
 static void
 sig_winch(int sig)
 {
 +	signal(SIGWINCH, sig_winch);
 	win_resized = 1;
 }
 diff --git a/progressmeter.h b/progressmeter.h
 index bf179dca6..8f6678060 100644
 --- a/progressmeter.h
 +++ b/progressmeter.h
@@ -1,4 +1,4 @@
 -/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */
 +/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */
 /*
  * Copyright (c) 2002 Nils Nordman.  All rights reserved.
  *
@@ -24,4 +24,5 @@
  */
 void	start_progress_meter(const char *, off_t, off_t *);
 +void	refresh_progress_meter(void);
 void	stop_progress_meter(void);
 diff --git a/scp.c b/scp.c
 index ae51137ee..25595a299 100644
 --- a/scp.c
 +++ b/scp.c
@@ -588,6 +588,7 @@ scpio(void *_cnt, size_t s)
 	off_t *cnt = (off_t *)_cnt;
 	*cnt += s;
 +	refresh_progress_meter();
 	if (limit_kbps > 0)
 		bandwidth_limit(&bwlimit, s);
 	return 0;
 diff --git a/sftp-client.c b/sftp-client.c
 index d3f80e5a0..36c4b8a4a 100644
 --- a/sftp-client.c
 +++ b/sftp-client.c
@@ -102,7 +102,9 @@ sftpio(void *_bwlimit, size_t amount)
 {
 	struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
 -	bandwidth_limit(bwlimit, amount);
 +	refresh_progress_meter();
 +	if (bwlimit != NULL)
 +		bandwidth_limit(bwlimit, amount);
 	return 0;
 }
@@ -122,8 +124,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m)
 	iov[1].iov_base = (u_char *)sshbuf_ptr(m);
 	iov[1].iov_len = sshbuf_len(m);
 -	if (atomiciov6(writev, conn->fd_out, iov, 2,
 -	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
 +	if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio,
 +	    conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) !=
 	    sshbuf_len(m) + sizeof(mlen))
 		fatal("Couldn't send packet: %s", strerror(errno));
@@ -139,8 +141,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
 	if ((r = sshbuf_reserve(m, 4, &p)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -	if (atomicio6(read, conn->fd_in, p, 4,
 -	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) {
 +	if (atomicio6(read, conn->fd_in, p, 4, sftpio,
 +	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
 		if (errno == EPIPE || errno == ECONNRESET)
 			fatal("Connection closed");
 		else
@@ -158,8 +160,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -	if (atomicio6(read, conn->fd_in, p, msg_len,
 -	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in)
 +	if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
 +	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
 	    != msg_len) {
 		if (errno == EPIPE)
 			fatal("Connection closed");
--- a/CVE-2019-6109-2.patch
+++ b/CVE-2019-6109-2.patch
@ -1,117 +0,0 @@
 From bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb Mon Sep 17 00:00:00 2001
 From: "dtucker@openbsd.org" <dtucker@openbsd.org>
 Date: Thu, 24 Jan 2019 16:52:17 +0000
 Subject: [PATCH] upstream: Have progressmeter force an update at the beginning
 and
 end of each transfer.  Fixes the problem recently introduces where very quick
 transfers do not display the progressmeter at all.  Spotted by naddy@
 OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a
 ---
 progressmeter.c | 13 +++++--------
 progressmeter.h |  4 ++--
 scp.c           |  4 ++--
 sftp-client.c   |  4 ++--
 4 files changed, 11 insertions(+), 14 deletions(-)
 diff --git a/progressmeter.c b/progressmeter.c
 index add462dde..e385c1254 100644
 --- a/progressmeter.c
 +++ b/progressmeter.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */
 +/* $OpenBSD: progressmeter.c,v 1.47 2019/01/24 16:52:17 dtucker Exp $ */
 /*
  * Copyright (c) 2003 Nils Nordman.  All rights reserved.
  *
@@ -59,9 +59,6 @@ static void format_rate(char *, int, off_t);
 static void sig_winch(int);
 static void setscreensize(void);
 -/* updates the progressmeter to reflect the current state of the transfer */
 -void refresh_progress_meter(void);
 -
 /* signal handler for updating the progress meter */
 static void sig_alarm(int);
@@ -120,7 +117,7 @@ format_size(char *buf, int size, off_t bytes)
 }
 void
 -refresh_progress_meter(void)
 +refresh_progress_meter(int force_update)
 {
 	char buf[MAX_WINSIZE + 1];
 	off_t transferred;
@@ -131,7 +128,7 @@ refresh_progress_meter(void)
 	int hours, minutes, seconds;
 	int file_len;
 -	if ((!alarm_fired && !win_resized) || !can_output())
 +	if ((!force_update && !alarm_fired && !win_resized) || !can_output())
 		return;
 	alarm_fired = 0;
@@ -254,7 +251,7 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
 	bytes_per_second = 0;
 	setscreensize();
 -	refresh_progress_meter();
 +	refresh_progress_meter(1);
 	signal(SIGALRM, sig_alarm);
 	signal(SIGWINCH, sig_winch);
@@ -271,7 +268,7 @@ stop_progress_meter(void)
 	/* Ensure we complete the progress */
 	if (cur_pos != end_pos)
 -		refresh_progress_meter();
 +		refresh_progress_meter(1);
 	atomicio(vwrite, STDOUT_FILENO, "\n", 1);
 }
 diff --git a/progressmeter.h b/progressmeter.h
 index 8f6678060..1703ea75b 100644
 --- a/progressmeter.h
 +++ b/progressmeter.h
@@ -1,4 +1,4 @@
 -/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */
 +/* $OpenBSD: progressmeter.h,v 1.5 2019/01/24 16:52:17 dtucker Exp $ */
 /*
  * Copyright (c) 2002 Nils Nordman.  All rights reserved.
  *
@@ -24,5 +24,5 @@
  */
 void	start_progress_meter(const char *, off_t, off_t *);
 -void	refresh_progress_meter(void);
 +void	refresh_progress_meter(int);
 void	stop_progress_meter(void);
 diff --git a/scp.c b/scp.c
 index 25595a299..74dfe521a 100644
 --- a/scp.c
 +++ b/scp.c
@@ -588,7 +588,7 @@ scpio(void *_cnt, size_t s)
 	off_t *cnt = (off_t *)_cnt;
 	*cnt += s;
 -	refresh_progress_meter();
 +	refresh_progress_meter(0);
 	if (limit_kbps > 0)
 		bandwidth_limit(&bwlimit, s);
 	return 0;
 diff --git a/sftp-client.c b/sftp-client.c
 index 36c4b8a4a..73e3c2f53 100644
 --- a/sftp-client.c
 +++ b/sftp-client.c
@@ -102,7 +102,7 @@ sftpio(void *_bwlimit, size_t amount)
 {
 	struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
 -	refresh_progress_meter();
 +	refresh_progress_meter(0);
 	if (bwlimit != NULL)
 		bandwidth_limit(bwlimit, amount);
 	return 0;
--- a/CVE-2019-6111-1.patch
+++ b/CVE-2019-6111-1.patch
@ -1,181 +0,0 @@
 From 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Sat, 26 Jan 2019 22:41:28 +0000
 Subject: [PATCH] upstream: check in scp client that filenames sent during
 remote->local directory copies satisfy the wildcard specified by the user.
 This checking provides some protection against a malicious server
 sending unexpected filenames, but it comes at a risk of rejecting wanted
 files due to differences between client and server wildcard expansion rules.
 For this reason, this also adds a new -T flag to disable the check.
 reported by Harry Sintonen
 fix approach suggested by markus@;
 has been in snaps for ~1wk courtesy deraadt@
 OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
 ---
 scp.1 | 16 +++++++++++++---
 scp.c | 39 ++++++++++++++++++++++++++++++---------
 2 files changed, 43 insertions(+), 12 deletions(-)
 diff --git a/scp.1 b/scp.1
 index 8bb63edaa..a2833dab0 100644
 --- a/scp.1
 +++ b/scp.1
@@ -18,7 +18,7 @@
 .Nd secure copy (remote file copy program)
 .Sh SYNOPSIS
 .Nm scp
 -.Op Fl 346BCpqrv
 +.Op Fl 346BCpqrTv
 .Op Fl c Ar cipher
 .Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
@@ -222,6 +222,16 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
 options.
 +.It Fl T
 +Disable strict filename checking.
 +By default when copying files from a remote host to a local directory
 +.Nm
 +checks that the received filenames match those requested on the command-line
 +to prevent the remote end from sending unexpected or unwanted files.
 +Because of differences in how various operating systems and shells interpret
 +filename wildcards, these checks may cause wanted files to be rejected.
 +This option disables these checks at the expense of fully trusting that
 +the server will not send unexpected filenames.
 .It Fl v
 Verbose mode.
 Causes
 diff --git a/scp.c b/scp.c
 index 74dfe521a..e669e815e 100644
 --- a/scp.c
 +++ b/scp.c
@@ -94,6 +94,7 @@
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 +#include <fnmatch.h>
 #include <limits.h>
 #include <locale.h>
 #include <pwd.h>
@@ -375,14 +376,14 @@ void verifydir(char *);
 struct passwd *pwd;
 uid_t userid;
 int errs, remin, remout;
 -int pflag, iamremote, iamrecursive, targetshouldbedirectory;
 +int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
 #define	CMDNEEDS	64
 char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
 int response(void);
 void rsource(char *, struct stat *);
 -void sink(int, char *[]);
 +void sink(int, char *[], const char *);
 void source(int, char *[]);
 void tolocal(int, char *[]);
 void toremote(int, char *[]);
@@ -423,8 +424,9 @@ main(int argc, char **argv)
 	addargs(&args, "-oRemoteCommand=none");
 	addargs(&args, "-oRequestTTY=no");
 -	fflag = tflag = 0;
 -	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
 +	fflag = Tflag = tflag = 0;
 +	while ((ch = getopt(argc, argv,
 +	    "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) {
 		switch (ch) {
 		/* User-visible flags. */
 		case '1':
@@ -504,9 +506,13 @@ main(int argc, char **argv)
 			setmode(0, O_BINARY);
 #endif
 			break;
 +		case 'T':
 +			Tflag = 1;
 +			break;
 		default:
 			usage();
 		}
 +	}
 	argc -= optind;
 	argv += optind;
@@ -537,7 +543,7 @@ main(int argc, char **argv)
 	}
 	if (tflag) {
 		/* Receive data. */
 -		sink(argc, argv);
 +		sink(argc, argv, NULL);
 		exit(errs != 0);
 	}
 	if (argc < 2)
@@ -795,7 +801,7 @@ tolocal(int argc, char **argv)
 			continue;
 		}
 		free(bp);
 -		sink(1, argv + argc - 1);
 +		sink(1, argv + argc - 1, src);
 		(void) close(remin);
 		remin = remout = -1;
 	}
@@ -971,7 +977,7 @@ rsource(char *name, struct stat *statp)
 	 (sizeof(type) != 4 && sizeof(type) != 8))
 void
 -sink(int argc, char **argv)
 +sink(int argc, char **argv, const char *src)
 {
 	static BUF buffer;
 	struct stat stb;
@@ -987,6 +993,7 @@ sink(int argc, char **argv)
 	unsigned long long ull;
 	int setimes, targisdir, wrerrno = 0;
 	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
 +	char *src_copy = NULL, *restrict_pattern = NULL;
 	struct timeval tv[2];
 #define	atime	tv[0]
@@ -1011,6 +1018,17 @@ sink(int argc, char **argv)
 	(void) atomicio(vwrite, remout, "", 1);
 	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
 		targisdir = 1;
 +	if (src != NULL && !iamrecursive && !Tflag) {
 +		/*
 +		 * Prepare to try to restrict incoming filenames to match
 +		 * the requested destination file glob.
 +		 */
 +		if ((src_copy = strdup(src)) == NULL)
 +			fatal("strdup failed");
 +		if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
 +			*restrict_pattern++ = '\0';
 +		}
 +	}
 	for (first = 1;; first = 0) {
 		cp = buf;
 		if (atomicio(read, remin, cp, 1) != 1)
@@ -1115,6 +1133,9 @@ sink(int argc, char **argv)
 			run_err("error: unexpected filename: %s", cp);
 			exit(1);
 		}
 +		if (restrict_pattern != NULL &&
 +		    fnmatch(restrict_pattern, cp, 0) != 0)
 +			SCREWUP("filename does not match request");
 		if (targisdir) {
 			static char *namebuf;
 			static size_t cursize;
@@ -1152,7 +1173,7 @@ sink(int argc, char **argv)
 					goto bad;
 			}
 			vect[0] = xstrdup(np);
 -			sink(1, vect);
 +			sink(1, vect, src);
 			if (setimes) {
 				setimes = 0;
 				if (utimes(vect[0], tv) < 0)
--- a/CVE-2019-6111-2.patch
+++ b/CVE-2019-6111-2.patch
@ -1,348 +0,0 @@
 From 3d896c157c722bc47adca51a58dca859225b5874 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Sun, 10 Feb 2019 11:15:52 +0000
 Subject: [PATCH] upstream: when checking that filenames sent by the server
 side
 match what the client requested, be prepared to handle shell-style brace
 alternations, e.g. "{foo,bar}".
 "looks good to me" millert@ + in snaps for the last week courtesy
 deraadt@
 OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
 ---
 scp.c | 282 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 270 insertions(+), 12 deletions(-)
 diff --git a/scp.c b/scp.c
 index 96fc246cd..80bc0e8b1 100644
 --- a/scp.c
 +++ b/scp.c
@@ -630,6 +630,253 @@ parse_scp_uri(const char *uri, char **userp, char **hostp, int *portp,
 	return r;
 }
 +/* Appends a string to an array; returns 0 on success, -1 on alloc failure */
 +static int
 +append(char *cp, char ***ap, size_t *np)
 +{
 +	char **tmp;
 +
 +	if ((tmp = reallocarray(*ap, *np + 1, sizeof(*tmp))) == NULL)
 +		return -1;
 +	tmp[(*np)] = cp;
 +	(*np)++;
 +	*ap = tmp;
 +	return 0;
 +}
 +
 +/*
 + * Finds the start and end of the first brace pair in the pattern.
 + * returns 0 on success or -1 for invalid patterns.
 + */
 +static int
 +find_brace(const char *pattern, int *startp, int *endp)
 +{
 +	int i;
 +	int in_bracket, brace_level;
 +
 +	*startp = *endp = -1;
 +	in_bracket = brace_level = 0;
 +	for (i = 0; i < INT_MAX && *endp < 0 && pattern[i] != '\0'; i++) {
 +		switch (pattern[i]) {
 +		case '\\':
 +			/* skip next character */
 +			if (pattern[i + 1] != '\0')
 +				i++;
 +			break;
 +		case '[':
 +			in_bracket = 1;
 +			break;
 +		case ']':
 +			in_bracket = 0;
 +			break;
 +		case '{':
 +			if (in_bracket)
 +				break;
 +			if (pattern[i + 1] == '}') {
 +				/* Protect a single {}, for find(1), like csh */
 +				i++; /* skip */
 +				break;
 +			}
 +			if (*startp == -1)
 +				*startp = i;
 +			brace_level++;
 +			break;
 +		case '}':
 +			if (in_bracket)
 +				break;
 +			if (*startp < 0) {
 +				/* Unbalanced brace */
 +				return -1;
 +			}
 +			if (--brace_level <= 0)
 +				*endp = i;
 +			break;
 +		}
 +	}
 +	/* unbalanced brackets/braces */
 +	if (*endp < 0 && (*startp >= 0 || in_bracket))
 +		return -1;
 +	return 0;
 +}
 +
 +/*
 + * Assembles and records a successfully-expanded pattern, returns -1 on
 + * alloc failure.
 + */
 +static int
 +emit_expansion(const char *pattern, int brace_start, int brace_end,
 +    int sel_start, int sel_end, char ***patternsp, size_t *npatternsp)
 +{
 +	char *cp;
 +	int o = 0, tail_len = strlen(pattern + brace_end + 1);
 +
 +	if ((cp = malloc(brace_start + (sel_end - sel_start) +
 +	    tail_len + 1)) == NULL)
 +		return -1;
 +
 +	/* Pattern before initial brace */
 +	if (brace_start > 0) {
 +		memcpy(cp, pattern, brace_start);
 +		o = brace_start;
 +	}
 +	/* Current braced selection */
 +	if (sel_end - sel_start > 0) {
 +		memcpy(cp + o, pattern + sel_start,
 +		    sel_end - sel_start);
 +		o += sel_end - sel_start;
 +	}
 +	/* Remainder of pattern after closing brace */
 +	if (tail_len > 0) {
 +		memcpy(cp + o, pattern + brace_end + 1, tail_len);
 +		o += tail_len;
 +	}
 +	cp[o] = '\0';
 +	if (append(cp, patternsp, npatternsp) != 0) {
 +		free(cp);
 +		return -1;
 +	}
 +	return 0;
 +}
 +
 +/*
 + * Expand the first encountered brace in pattern, appending the expanded
 + * patterns it yielded to the *patternsp array.
 + *
 + * Returns 0 on success or -1 on allocation failure.
 + *
 + * Signals whether expansion was performed via *expanded and whether
 + * pattern was invalid via *invalid.
 + */
 +static int
 +brace_expand_one(const char *pattern, char ***patternsp, size_t *npatternsp,
 +    int *expanded, int *invalid)
 +{
 +	int i;
 +	int in_bracket, brace_start, brace_end, brace_level;
 +	int sel_start, sel_end;
 +
 +	*invalid = *expanded = 0;
 +
 +	if (find_brace(pattern, &brace_start, &brace_end) != 0) {
 +		*invalid = 1;
 +		return 0;
 +	} else if (brace_start == -1)
 +		return 0;
 +
 +	in_bracket = brace_level = 0;
 +	for (i = sel_start = brace_start + 1; i < brace_end; i++) {
 +		switch (pattern[i]) {
 +		case '{':
 +			if (in_bracket)
 +				break;
 +			brace_level++;
 +			break;
 +		case '}':
 +			if (in_bracket)
 +				break;
 +			brace_level--;
 +			break;
 +		case '[':
 +			in_bracket = 1;
 +			break;
 +		case ']':
 +			in_bracket = 0;
 +			break;
 +		case '\\':
 +			if (i < brace_end - 1)
 +				i++; /* skip */
 +			break;
 +		}
 +		if (pattern[i] == ',' || i == brace_end - 1) {
 +			if (in_bracket || brace_level > 0)
 +				continue;
 +			/* End of a selection, emit an expanded pattern */
 +
 +			/* Adjust end index for last selection */
 +			sel_end = (i == brace_end - 1) ? brace_end : i;
 +			if (emit_expansion(pattern, brace_start, brace_end,
 +			    sel_start, sel_end, patternsp, npatternsp) != 0)
 +				return -1;
 +			/* move on to the next selection */
 +			sel_start = i + 1;
 +			continue;
 +		}
 +	}
 +	if (in_bracket || brace_level > 0) {
 +		*invalid = 1;
 +		return 0;
 +	}
 +	/* success */
 +	*expanded = 1;
 +	return 0;
 +}
 +
 +/* Expand braces from pattern. Returns 0 on success, -1 on failure */
 +static int
 +brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp)
 +{
 +	char *cp, *cp2, **active = NULL, **done = NULL;
 +	size_t i, nactive = 0, ndone = 0;
 +	int ret = -1, invalid = 0, expanded = 0;
 +
 +	*patternsp = NULL;
 +	*npatternsp = 0;
 +
 +	/* Start the worklist with the original pattern */
 +	if ((cp = strdup(pattern)) == NULL)
 +		return -1;
 +	if (append(cp, &active, &nactive) != 0) {
 +		free(cp);
 +		return -1;
 +	}
 +	while (nactive > 0) {
 +		cp = active[nactive - 1];
 +		nactive--;
 +		if (brace_expand_one(cp, &active, &nactive,
 +		    &expanded, &invalid) == -1) {
 +			free(cp);
 +			goto fail;
 +		}
 +		if (invalid)
 +			fatal("%s: invalid brace pattern \"%s\"", __func__, cp);
 +		if (expanded) {
 +			/*
 +			 * Current entry expanded to new entries on the
 +			 * active list; discard the progenitor pattern.
 +			 */
 +			free(cp);
 +			continue;
 +		}
 +		/*
 +		 * Pattern did not expand; append the finename component to
 +		 * the completed list
 +		 */
 +		if ((cp2 = strrchr(cp, '/')) != NULL)
 +			*cp2++ = '\0';
 +		else
 +			cp2 = cp;
 +		if (append(xstrdup(cp2), &done, &ndone) != 0) {
 +			free(cp);
 +			goto fail;
 +		}
 +		free(cp);
 +	}
 +	/* success */
 +	*patternsp = done;
 +	*npatternsp = ndone;
 +	done = NULL;
 +	ndone = 0;
 +	ret = 0;
 + fail:
 +	for (i = 0; i < nactive; i++)
 +		free(active[i]);
 +	free(active);
 +	for (i = 0; i < ndone; i++)
 +		free(done[i]);
 +	free(done);
 +	return ret;
 +}
 +
 void
 toremote(int argc, char **argv)
 {
@@ -993,7 +1240,8 @@ sink(int argc, char **argv, const char *src)
 	unsigned long long ull;
 	int setimes, targisdir, wrerrno = 0;
 	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
 -	char *src_copy = NULL, *restrict_pattern = NULL;
 +	char **patterns = NULL;
 +	size_t n, npatterns = 0;
 	struct timeval tv[2];
 #define	atime	tv[0]
@@ -1023,16 +1271,13 @@ sink(int argc, char **argv, const char *src)
 		 * Prepare to try to restrict incoming filenames to match
 		 * the requested destination file glob.
 		 */
 -		if ((src_copy = strdup(src)) == NULL)
 -			fatal("strdup failed");
 -		if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
 -			*restrict_pattern++ = '\0';
 -		}
 +		if (brace_expand(src, &patterns, &npatterns) != 0)
 +			fatal("%s: could not expand pattern", __func__);
 	}
 	for (first = 1;; first = 0) {
 		cp = buf;
 		if (atomicio(read, remin, cp, 1) != 1)
 -			return;
 +			goto done;
 		if (*cp++ == '\n')
 			SCREWUP("unexpected <newline>");
 		do {
@@ -1058,7 +1303,7 @@ sink(int argc, char **argv, const char *src)
 		}
 		if (buf[0] == 'E') {
 			(void) atomicio(vwrite, remout, "", 1);
 -			return;
 +			goto done;
 		}
 		if (ch == '\n')
 			*--cp = 0;
@@ -1133,9 +1378,14 @@ sink(int argc, char **argv, const char *src)
 			run_err("error: unexpected filename: %s", cp);
 			exit(1);
 		}
 -		if (restrict_pattern != NULL &&
 -		    fnmatch(restrict_pattern, cp, 0) != 0)
 -			SCREWUP("filename does not match request");
 +		if (npatterns > 0) {
 +			for (n = 0; n < npatterns; n++) {
 +				if (fnmatch(patterns[n], cp, 0) == 0)
 +					break;
 +			}
 +			if (n >= npatterns)
 +				SCREWUP("filename does not match request");
 +		}
 		if (targisdir) {
 			static char *namebuf;
 			static size_t cursize;
@@ -1294,7 +1544,15 @@ bad:			run_err("%s: %s", np, strerror(errno));
 			break;
 		}
 	}
 +done:
 +	for (n = 0; n < npatterns; n++)
 +		free(patterns[n]);
 +	free(patterns);
 +	return;
 screwup:
 +	for (n = 0; n < npatterns; n++)
 +		free(patterns[n]);
 +	free(patterns);
 	run_err("protocol error: %s", why);
 	exit(1);
 }
--- a/CVE-2020-12062-1.patch
+++ b/CVE-2020-12062-1.patch
@ -20,7 +20,7 @@ index 812ab5301..439025980 100644
 --- a/scp.c
 +++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
+-/* $OpenBSD: scp.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
 +/* $OpenBSD: scp.c,v 1.209 2020/05/01 06:31:42 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
@ -139,7 +139,7 @@ index 812ab5301..439025980 100644
 -		if (setimes && wrerr == NO) {
 +		if (setimes && !wrerr) {
 			setimes = 0;
- 			if (utimes(np, tv) < 0) {
+ 			if (utimes(np, tv) == -1) {
 -				run_err("%s: set times: %s",
 +				note_err("%s: set times: %s",
 				    np, strerror(errno));
--- a/CVE-2020-12062-2.patch
+++ b/CVE-2020-12062-2.patch
@ -25,7 +25,7 @@ index 439025980..b4492a062 100644
 			sink(1, vect, src);
 			if (setimes) {
 				setimes = 0;
-				if (utimes(vect[0], tv) < 0)
+-				if (utimes(vect[0], tv) == -1)
 -					run_err("%s: set times: %s",
 -					    vect[0], strerror(errno));
 +				(void) utimes(vect[0], tv);
--- a/Cygwin-Change-service-name-to-cygsshd.patch
+++ b/Cygwin-Change-service-name-to-cygsshd.patch
@ -1,26 +0,0 @@
 From 89843de0c4c733501f6b4f988098e6e06963df37 Mon Sep 17 00:00:00 2001
 From: Corinna Vinschen <vinschen@redhat.com>
 Date: Sat, 26 Jan 2019 23:03:12 +0100
 Subject: [PATCH 276/294] Cygwin: Change service name to cygsshd
 Microsoft hijacked the sshd service name without asking.
 ---
 contrib/cygwin/ssh-host-config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
 index 2903125..52916d1 100644
 --- a/contrib/cygwin/ssh-host-config
 +++ b/contrib/cygwin/ssh-host-config
@@ -61,7 +61,7 @@ LOCALSTATEDIR=/var
 sshd_config_configured=no
 port_number=22
 -service_name=sshd
 +service_name=cygsshd
 strictmodes=yes
 cygwin_value=""
 user_account=
 -- 
 1.8.3.1
--- a/DJM-GPG-KEY.gpg
+++ b/DJM-GPG-KEY.gpg
--- a/Initial-len-for-the-fmt-NULL-case.patch
+++ b/Initial-len-for-the-fmt-NULL-case.patch
@ -1,27 +0,0 @@
 From 039bf2a81797b8f3af6058d34005a4896a363221 Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@dtucker.net>
 Date: Fri, 7 Sep 2018 14:06:57 +1000
 Subject: [PATCH 003/294] Initial len for the fmt=NULL case.
 Patch from jjelen at redhat via bz#2687.  (OpenSSH never calls
 setproctitle with a null format so len is always initialized).
 ---
 openbsd-compat/setproctitle.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
 index 2b15c6e..dbd1a95 100644
 --- a/openbsd-compat/setproctitle.c
 +++ b/openbsd-compat/setproctitle.c
@@ -125,7 +125,7 @@ setproctitle(const char *fmt, ...)
 #if SPT_TYPE != SPT_NONE
 	va_list ap;
 	char buf[1024], ptitle[1024];
 -	size_t len;
 +	size_t len = 0;
 	int r;
 	extern char *__progname;
 #if SPT_TYPE == SPT_PSTAT
 -- 
 1.8.3.1
--- a/Move-RANDOM_SEED_SIZE-outside-ifdef.patch
+++ b/Move-RANDOM_SEED_SIZE-outside-ifdef.patch
@ -1,36 +0,0 @@
 From c721d5877509875c8515df0215fa1dab862013bc Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@dtucker.net>
 Date: Fri, 23 Nov 2018 14:11:20 +1100
 Subject: [PATCH 127/294] Move RANDOM_SEED_SIZE outside ifdef.
 RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
 This fixes the build with configureed --without-openssl.
 ---
 entropy.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/entropy.c b/entropy.c
 index 1e3f265..b04ef3f 100644
 --- a/entropy.c
 +++ b/entropy.c
@@ -24,6 +24,8 @@
 #include "includes.h"
 +#define RANDOM_SEED_SIZE 48
 +
 #ifdef WITH_OPENSSL
 #include <sys/types.h>
@@ -64,8 +66,6 @@
  */
 #ifndef OPENSSL_PRNG_ONLY
 -#define RANDOM_SEED_SIZE 48
 -
 /*
  * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
  * listening either on 'tcp_port', or via Unix domain socket at *
 -- 
 1.8.3.1
--- a/bugfix-CVE-2018-15919.patch
+++ b/bugfix-CVE-2018-15919.patch
@ -1,60 +0,0 @@
 From 1a3f3190a287cc24fe2b7a47f420d03fba76b353 Mon Sep 17 00:00:00 2001
 From: majun <majun65@huawei.com>
 Date: Wed, 18 Mar 2020 19:23:15 +0800
 Subject: [PATCH] CVE-2018-15919
 ---
 auth.h      | 1 +
 auth2-gss.c | 1 +
 auth2.c     | 4 ++++
 3 files changed, 6 insertions(+)
 diff --git a/auth.h b/auth.h
 index 1d9cf66..51b27c7 100644
 --- a/auth.h
 +++ b/auth.h
@@ -60,6 +60,7 @@ struct Authctxt {
 	int		 attempt;
 	int		 failures;
 	int		 server_caused_failure;
 +	int		 server_caused_gssapi_failure;
 	int		 force_pwchange;
 	char		*user;		/* username sent by the client */
 	char		*service;
 diff --git a/auth2-gss.c b/auth2-gss.c
 index 764d509..9690f8a 100644
 --- a/auth2-gss.c
 +++ b/auth2-gss.c
@@ -153,6 +153,7 @@ userauth_gssapi(struct ssh *ssh)
 			ssh_gssapi_delete_ctx(&ctxt);
 		free(doid);
 		authctxt->server_caused_failure = 1;
 +		authctxt->server_caused_gssapi_failure = 1;
 		return (0);
 	}
 diff --git a/auth2.c b/auth2.c
 index f0b61ce..14db54a 100644
 --- a/auth2.c
 +++ b/auth2.c
@@ -336,6 +336,7 @@ if (options.check_user_splash)
 	auth2_authctxt_reset_info(authctxt);
 	authctxt->postponed = 0;
 	authctxt->server_caused_failure = 0;
 +	authctxt->server_caused_gssapi_failure = 0;
 	/* try to authenticate user */
 	m = authmethod_lookup(authctxt, method);
@@ -427,6 +428,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 		if (!partial && !authctxt->server_caused_failure &&
 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 			authctxt->failures++;
 +		if (!partial && authctxt->server_caused_gssapi_failure &&
 +		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 +			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 -- 
 1.8.3.1
--- a/bugfix-debug3-to-verbose-in-command.patch
+++ b/bugfix-debug3-to-verbose-in-command.patch
@ -0,0 +1,25 @@
 From ed070c21ae68170e1cead6f5be16482d4f73ae2b Mon Sep 17 00:00:00 2001
 From: m00525086 <majun65@huawei.com>
 Date: Thu, 5 Mar 2020 21:02:06 +0800
 Subject: [PATCH] d2v
 ---
 monitor_wrap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/monitor_wrap.c b/monitor_wrap.c
 index 7f5a8fa..6ebcda1 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
@@ -928,7 +928,7 @@ mm_audit_run_command(const char *command)
 	int r;
 	int handle;
 -	debug3("%s entering command %s", __func__, command);
 +	verbose("%s entering command %s", __func__, command);
 	if ((m = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
 -- 
 2.19.1
--- a/bugfix-openssh-6.6p1-log-usepam-no.patch
+++ b/bugfix-openssh-6.6p1-log-usepam-no.patch
@ -1,6 +1,6 @@
-From 45b9c4762614db5bc14b855ccfc019951eebe42d Mon Sep 17 00:00:00 2001
+From 31883f21eff4265b68bb36f67b254adb524db6ae Mon Sep 17 00:00:00 2001
 From: guoxiaoqi <guoxiaoqi2@huawei.com>
-Date: Mon, 10 Dec 2018 19:07:51 +0000
+Date: Thu, 16 Apr 2020 14:51:44 +0800
 Subject: [PATCH] bugfix-openssh-6.6p1-log-usepam-no
 ---
@ -9,12 +9,12 @@ Subject: [PATCH] bugfix-openssh-6.6p1-log-usepam-no
 2 files changed, 3 insertions(+), 3 deletions(-)
 diff --git a/sshd.c b/sshd.c
-index d6ac3e3..6f273b7 100644
+index c6c03ae..c291a5e 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -1707,9 +1707,9 @@ main(int ac, char **av)
+@@ -1812,9 +1812,9 @@ main(int ac, char **av)
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
- 	    cfg, NULL);
+ 	    cfg, &includes, NULL);
 -	/* 'UsePAM no' is not supported in Fedora */
 +	/* 'UsePAM no' is not supported in openEuler */
@ -22,21 +22,21 @@ index d6ac3e3..6f273b7 100644
 -		logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.");
 +		logit("WARNING: 'UsePAM no' is not supported in openEuler and may cause several problems.");
- 	seed_rng();
+ 	/* Fill in default values for those options not explicitly set. */
- 
+ 	fill_default_server_options(&options);
 diff --git a/sshd_config b/sshd_config
-index cc90a90..17b477c 100644
+index e125992..ebc28b3 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -91,7 +91,7 @@ GSSAPICleanupCredentials no
+@@ -87,7 +87,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 -# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
 +# WARNING: 'UsePAM no' is not supported in openEuler and may cause several
 # problems.
- UsePAM yes
+ #UsePAM no
 -- 
-1.8.3.1
+2.23.0
--- a/bugfix-openssh-add-option-check-username-splash.patch
+++ b/bugfix-openssh-add-option-check-username-splash.patch
@ -1,6 +1,6 @@
-From a28e7321bbb42cf6e8734a297c07dd9467662151 Mon Sep 17 00:00:00 2001
+From 74c1a37dfeab8e9cc39e5bc76891d1d9d66b7638 Mon Sep 17 00:00:00 2001
 From: wangqiang <wangqiang62@huawei.com>
-Date: Thu, 9 Aug 2018 14:27:55 +0800
+Date: Thu, 16 Apr 2020 15:58:30 +0800
 Subject: [PATCH] openssh: add option check username splash
 add a check to inhibit username contains splash
@ -8,17 +8,17 @@ add an option 'CheckUserSplash' so that user can turn off
 this check
 ---
- auth2.c     | 3 +++
+ auth2.c     | 4 +++-
 servconf.c  | 8 ++++++++
- servconf.h  | 2 ++
+ servconf.h  | 1 +
 sshd_config | 2 ++
- 4 files changed, 15 insertions(+)
+ 4 files changed, 14 insertions(+), 1 deletion(-)
 diff --git a/auth2.c b/auth2.c
-index 6591a8b..be7f829 100644
+index 4adc502..956b9cf 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -231,10 +231,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -282,11 +282,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
 	debug("userauth-request for user %s service %s method %s", user, service, method);
 	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
@ -28,15 +28,16 @@ index 6591a8b..be7f829 100644
 	if ((role = strchr(user, '/')) != NULL)
 		*role++ = 0;
 #endif
 -
 +}
 	if ((style = strchr(user, ':')) != NULL)
 		*style++ = 0;
 diff --git a/servconf.c b/servconf.c
-index 08e5d70..85c9238 100644
+index 7001d56..76147f9 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -185,6 +185,7 @@
+@@ -195,6 +195,7 @@ initialize_server_options(ServerOptions *options)
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->version_addendum = NULL;
@ -44,64 +45,66 @@ index 08e5d70..85c9238 100644
 	options->fingerprint_hash = -1;
 	options->disable_forwarding = -1;
 	options->expose_userauth_info = -1;
-@@ -425,6 +426,8 @@
+@@ -473,6 +474,8 @@ fill_default_server_options(ServerOptions *options)
 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
 	if (options->version_addendum == NULL)
 		options->version_addendum = xstrdup("");
 	if (options->show_patchlevel == -1)
 		options->show_patchlevel = 0;
 +	if (options->check_user_splash == -1)
 +		options->check_user_splash = 1;
 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
 		options->fwd_opts.streamlocal_bind_mask = 0177;
 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
-@@ -522,6 +525,7 @@
+@@ -574,6 +577,7 @@ typedef enum {
 	sStreamLocalBindMask, sStreamLocalBindUnlink,
 	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
- 	sExposeAuthInfo, sRDomain,
+ 	sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
 +	sCheckUserSplash,
 	sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
-@@ -684,6 +688,7 @@
+@@ -740,6 +744,7 @@ static struct {
 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
 +	{ "checkusersplash", sCheckUserSplash, SSHCFG_GLOBAL },
 	{ "rdomain", sRDomain, SSHCFG_ALL },
- 	{ NULL, sBadOption, 0 }
+ 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
- };
+ 	{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
-@@ -1295,6 +1300,9 @@
+@@ -1360,6 +1365,9 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 	case sUsePAM:
 		intptr = &options->use_pam;
 		goto parse_flag;
 +	case sCheckUserSplash:
-+        	intptr = &options->check_user_splash;
+		intptr = &options->check_user_splash;
 +		goto parse_flag;
 	/* Standard Options */
 	case sBadOption:
 diff --git a/servconf.h b/servconf.h
-index 8318a74..be86374 100644
+index a3827e5..2c16b5a 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -219,6 +219,8 @@
+@@ -226,6 +226,7 @@ typedef struct {
 	int	fingerprint_hash;
 	int	expose_userauth_info;
 	u_int64_t timing_secret;
 +
 +	int check_user_splash;      /* check whether splash exists in username, if exist, disable login */
 	char   *sk_provider;
 }       ServerOptions;
 /* Information about the incoming connection as used by Match */
 diff --git a/sshd_config b/sshd_config
-index 6bbb86b..cc90a90 100644
+index ebc28b3..b121450 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -137,3 +137,5 @@ Subsystem	sftp	/usr/libexec/sftp-server
+@@ -125,6 +125,8 @@ Subsystem	sftp	/usr/libexec/sftp-server
 #	AllowTcpForwarding no
 #	PermitTTY no
 #	ForceCommand cvs server
-+
+ 
-+#CheckUserSplash yes
+#CheckUserSplash yes
-- 
+
-1.8.3.1
+ # To modify the system-wide ssh configuration, create a  *.conf  file under
 #  /etc/ssh/sshd_config.d/  which will be automatically included below
 Include /etc/ssh/sshd_config.d/*.conf
 -- 
 2.23.0
--- a/bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch
+++ b/bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch
@ -1,45 +0,0 @@
 OpenSSL 1.1.0i has changed the behaviour of their PEM APIs,
 so that empty passphrases are interpreted differently. This
 probabalistically breaks loading some keys, because the PEM format
 is terrible and doesn't include a proper MAC.
 Avoid this by providing a basic callback to avoid passing empty
 passphrases to OpenSSL in cases where one is required.
 ---
 diff --git a/sshkey.c b/sshkey.c
 index 5807627..c973910 100644
 --- a/sshkey.c
 +++ b/sshkey.c
@@ -4063,6 +4063,20 @@ convert_libcrypto_error(void)
 	return translate_libcrypto_error(ERR_peek_last_error());
 }
 +static int
 +pem_passphrase_cb(char *buf, int size, int rwflag, void *u)
 +{
 +	char *p = (char *)u;
 +	size_t len;
 +
 +	if (p == NULL || (len = strlen(p)) == 0)
 +		return -1;
 +	if (size < 0 || len > (size_t)size)
 +		return -1;
 +	memcpy(buf, p, len);
 +	return (int)len;
 +}
 +
 static int
 sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
     const char *passphrase, struct sshkey **keyp)
@@ -4084,7 +4098,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 	}
 	clear_libcrypto_errors();
 -	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
 +	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, pem_passphrase_cb,
 	    (char *)passphrase)) == NULL) {
 		r = convert_libcrypto_error();
 		goto out;
--- a/check-for-NULL-return-from-shadow_pw.patch
+++ b/check-for-NULL-return-from-shadow_pw.patch
@ -1,28 +0,0 @@
 From fe8e8f349a553ef4c567acd418aac769a82b7729 Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Thu, 11 Oct 2018 11:03:15 +1100
 Subject: [PATCH 067/294] check for NULL return from shadow_pw()
 probably unreachable on this platform; pointed out by
 coolbugcheckers AT gmail.com
 ---
 openbsd-compat/port-uw.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
 index 9edb1b4..1322131 100644
 --- a/openbsd-compat/port-uw.c
 +++ b/openbsd-compat/port-uw.c
@@ -60,6 +60,9 @@ sys_auth_passwd(struct ssh *ssh, const char *password)
 	/* Just use the supplied fake password if authctxt is invalid */
 	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
 +	if (pw_password == NULL)
 +		return 0;
 +
 	/* Check for users with no password. */
 	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
 		return (1);
 -- 
 1.8.3.1
--- a/check-pw_passwd-NULL-here-too.patch
+++ b/check-pw_passwd-NULL-here-too.patch
@ -1,29 +0,0 @@
 From c29b111e7d87c2324ff71c80653dd8da168c13b9 Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Thu, 11 Oct 2018 11:29:35 +1100
 Subject: [PATCH 068/294] check pw_passwd != NULL here too
 Again, for systems with broken NIS implementations.
 Prompted by coolbugcheckers AT gmail.com
 ---
 auth-passwd.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/auth-passwd.c b/auth-passwd.c
 index 65f5251..24fcb67 100644
 --- a/auth-passwd.c
 +++ b/auth-passwd.c
@@ -198,6 +198,9 @@ sys_auth_passwd(struct ssh *ssh, const char *password)
 	/* Just use the supplied fake password if authctxt is invalid */
 	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
 +	if (pw_password == NULL)
 +		return 0;
 +
 	/* Check for users with no password. */
 	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
 		return (1);
 -- 
 1.8.3.1
--- a/delete-the-correct-thing-kexfuzz-binary.patch
+++ b/delete-the-correct-thing-kexfuzz-binary.patch
@ -1,25 +0,0 @@
 From 41c115a5ea1cb79a6a3182773c58a23f760e8076 Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Wed, 12 Sep 2018 16:50:01 +1000
 Subject: [PATCH 016/294] delete the correct thing; kexfuzz binary
 ---
 Makefile.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/Makefile.in b/Makefile.in
 index d3cffc5..46562ad 100644
 --- a/Makefile.in
 +++ b/Makefile.in
@@ -306,7 +306,7 @@ distclean:	regressclean
 	rm -f regress/unittests/pkcs11/*.o
 	rm -f regress/unittests/pkcs11/test_pkcs11
 	rm -f regress/misc/kexfuzz/*.o
 -	rm -f regress/misc/kexfuzz
 +	rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
 	(cd openbsd-compat && $(MAKE) distclean)
 	if test -d pkg ; then \
 		rm -fr pkg ; \
 -- 
 1.8.3.1
--- a/feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
+++ b/feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
@ -1,16 +1,16 @@
-From 5e7d567d7c7f61d4ee4f2cb2d56b33fadafd980c Mon Sep 17 00:00:00 2001
+From 6d98c61e18fe65a52e21df9cece74675f9c18125 Mon Sep 17 00:00:00 2001
 From: s00467541 <shenyining@huawei.com>
-Date: Tue, 12 Feb 2019 19:40:42 +0800
+Date: Thu, 16 Apr 2020 17:13:24 +0800
 Subject: [PATCH] sync patch, add new judgement and
 delete default sftp-put-check.cfg
 Signed-off-by: s00467541 <shenyining@huawei.com>
 ---
- sftp-server.c | 699 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ sftp-server.c | 702 +++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 688 insertions(+), 11 deletions(-)
+ 1 file changed, 691 insertions(+), 11 deletions(-)
 diff --git a/sftp-server.c b/sftp-server.c
-index 3fbc1f8..fd42be9 100644
+index 01d6f8f..682c19a 100644
 --- a/sftp-server.c
 +++ b/sftp-server.c
@@ -29,6 +29,12 @@
@ -41,10 +41,10 @@ index 3fbc1f8..fd42be9 100644
 +static int cflag = 0;
 +/*add for oom end*/
 +
- /* Our verbosity */
+ char *sftp_realpath(const char *, char *); /* sftp-realpath.c */
 static LogLevel log_level = SYSLOG_LEVEL_ERROR;
-@@ -87,6 +104,452 @@ struct Stat {
+ /* Our verbosity */
@@ -89,6 +106,452 @@ struct Stat {
 	Attrib attrib;
 };
@ -497,7 +497,7 @@ index 3fbc1f8..fd42be9 100644
 /* Packet handlers */
 static void process_open(u_int32_t id);
 static void process_close(u_int32_t id);
-@@ -689,6 +1148,15 @@ process_open(u_int32_t id)
+@@ -695,6 +1158,15 @@ process_open(u_int32_t id)
 	    (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
 	    (r = decode_attrib(iqueue, &a)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -513,7 +513,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: open flags %d", id, pflags);
 	flags = flags_from_portable(pflags);
-@@ -722,6 +1190,8 @@ process_open(u_int32_t id)
+@@ -728,6 +1200,8 @@ process_open(u_int32_t id)
 		(void) umask(old_umask); /* restore umask to something sane */
 	if (status != SSH2_FX_OK)
 		send_status(id, status);
@ -522,7 +522,7 @@ index 3fbc1f8..fd42be9 100644
 	free(name);
 }
-@@ -753,6 +1223,17 @@ process_read(u_int32_t id)
+@@ -759,6 +1233,17 @@ process_read(u_int32_t id)
 	    (r = sshbuf_get_u32(iqueue, &len)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -540,7 +540,7 @@ index 3fbc1f8..fd42be9 100644
 	debug("request %u: read \"%s\" (handle %d) off %llu len %d",
 	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
 	if (len > sizeof buf) {
-@@ -794,6 +1275,18 @@ process_write(u_int32_t id)
+@@ -800,6 +1285,18 @@ process_write(u_int32_t id)
 	    (r = sshbuf_get_string(iqueue, &data, &len)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -559,12 +559,12 @@ index 3fbc1f8..fd42be9 100644
 	debug("request %u: write \"%s\" (handle %d) off %llu len %zu",
 	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
 	fd = handle_to_fd(handle);
-@@ -807,16 +1299,30 @@ process_write(u_int32_t id)
+@@ -813,16 +1310,30 @@ process_write(u_int32_t id)
 			error("process_write: seek failed");
 		} else {
 /* XXX ATOMICIO ? */
 -			ret = write(fd, data, len);
-			if (ret < 0) {
+-			if (ret == -1) {
 -				error("process_write: write failed");
 -				status = errno_to_portable(errno);
 -			} else if ((size_t)ret == len) {
@ -572,34 +572,34 @@ index 3fbc1f8..fd42be9 100644
 -				handle_update_write(handle, ret);
 -			} else {
 -				debug2("nothing at all written");
-+			/* add begin sftp oom fix */
+                        /* add begin sftp oom fix */
-+			if (storage_flag == 1)
+                        if (storage_flag == 1)
-+				debug("cflag is %d",cflag);
+                                debug("cflag is %d",cflag);
-+			if (!check_before_write(handle_to_name(handle), off)){
+                        if (!check_before_write(handle_to_name(handle), off)){
-+				error("check file size and free mem info before write failed");
+                                error("check file size and free mem info before write failed");
-+				unlink(handle_to_name(handle));
+                                unlink(handle_to_name(handle));	
 				status = SSH2_FX_FAILURE;
-+				send_status(id, status);
+                                send_status(id, status);
-+				free(data);
+                                free(data);
-+				sftp_server_cleanup_exit(1);
+                                sftp_server_cleanup_exit(1);
-+			/* add end sftp oom fix */
+                        /* add end sftp oom fix */
-+			} else {
+                        } else {
 + 
-+				ret = write(fd, data, len);
+                                ret = write(fd, data, len);
-+				if (ret < 0) {
+                                if (ret < 0) {
-+					error("process_write: write failed");
+                                        error("process_write: write failed");
-+					status = errno_to_portable(errno);
+                                        status = errno_to_portable(errno);
-+				} else if ((size_t)ret == len) {
+                                } else if ((size_t)ret == len) {
-+					status = SSH2_FX_OK;
+                                        status = SSH2_FX_OK;
-+					handle_update_write(handle, ret);
+                                        handle_update_write(handle, ret);
-+				} else {
+                                } else {
-+					debug2("nothing at all written");
+                                        debug2("nothing at all written");
-+					status = SSH2_FX_FAILURE;
+                                        status = SSH2_FX_FAILURE;
-+				}
+                                }
 			}
 		}
 	}
-@@ -835,6 +1341,16 @@ process_do_stat(u_int32_t id, int do_lstat)
+@@ -841,6 +1352,16 @@ process_do_stat(u_int32_t id, int do_lstat)
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -616,7 +616,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: %sstat", id, do_lstat ? "l" : "");
 	verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
 	r = do_lstat ? lstat(name, &st) : stat(name, &st);
-@@ -871,6 +1387,16 @@ process_fstat(u_int32_t id)
+@@ -877,6 +1398,16 @@ process_fstat(u_int32_t id)
 	if ((r = get_handle(iqueue, &handle)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -633,7 +633,7 @@ index 3fbc1f8..fd42be9 100644
 	debug("request %u: fstat \"%s\" (handle %u)",
 	    id, handle_to_name(handle), handle);
 	fd = handle_to_fd(handle);
-@@ -911,6 +1437,14 @@ process_setstat(u_int32_t id)
+@@ -929,6 +1460,14 @@ process_setstat(u_int32_t id)
 	    (r = decode_attrib(iqueue, &a)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -648,7 +648,7 @@ index 3fbc1f8..fd42be9 100644
 	debug("request %u: setstat name \"%s\"", id, name);
 	if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
 		logit("set \"%s\" size %llu",
-@@ -965,6 +1499,13 @@ process_fsetstat(u_int32_t id)
+@@ -983,6 +1522,13 @@ process_fsetstat(u_int32_t id)
 	else {
 		char *name = handle_to_name(handle);
@ -662,7 +662,7 @@ index 3fbc1f8..fd42be9 100644
 		if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
 			logit("set \"%s\" size %llu",
 			    name, (unsigned long long)a.size);
-@@ -1022,6 +1563,14 @@ process_opendir(u_int32_t id)
+@@ -1040,6 +1586,14 @@ process_opendir(u_int32_t id)
 	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -677,20 +677,18 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: opendir", id);
 	logit("opendir \"%s\"", path);
 	dirp = opendir(path);
-@@ -1076,6 +1625,12 @@ process_readdir(u_int32_t id)
+@@ -1094,6 +1648,10 @@ process_readdir(u_int32_t id)
 			    strcmp(path, "/") ? "/" : "", dp->d_name);
- 			if (lstat(pathname, &st) < 0)
+ 			if (lstat(pathname, &st) == -1)
 				continue;
 +
 +			if (RETURN_OK != path_permition_check(pathname,FLAG_PERMITOP))
-+			{
+                        {
-+				continue;
+                                continue;
-+			}
+                        }
 +
 			stat_to_attrib(&st, &(stats[count].attrib));
 			stats[count].name = xstrdup(dp->d_name);
 			stats[count].long_name = ls_file(dp->d_name, &st, 0, 0);
-@@ -1107,6 +1662,14 @@ process_remove(u_int32_t id)
+@@ -1125,6 +1683,14 @@ process_remove(u_int32_t id)
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -705,7 +703,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: remove", id);
 	logit("remove name \"%s\"", name);
 	r = unlink(name);
-@@ -1126,6 +1689,14 @@ process_mkdir(u_int32_t id)
+@@ -1144,6 +1710,14 @@ process_mkdir(u_int32_t id)
 	    (r = decode_attrib(iqueue, &a)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -720,7 +718,7 @@ index 3fbc1f8..fd42be9 100644
 	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
 	    a.perm & 07777 : 0777;
 	debug3("request %u: mkdir", id);
-@@ -1145,6 +1716,14 @@ process_rmdir(u_int32_t id)
+@@ -1163,6 +1737,14 @@ process_rmdir(u_int32_t id)
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -735,13 +733,13 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: rmdir", id);
 	logit("rmdir name \"%s\"", name);
 	r = rmdir(name);
-@@ -1169,8 +1748,12 @@ process_realpath(u_int32_t id)
+@@ -1187,8 +1769,12 @@ process_realpath(u_int32_t id)
 	}
 	debug3("request %u: realpath", id);
 	verbose("realpath \"%s\"", path);
-	if (realpath(path, resolvedname) == NULL) {
+-	if (sftp_realpath(path, resolvedname) == NULL) {
 -		send_status(id, errno_to_portable(errno));
-+	if ((realpath(path, resolvedname) == NULL)
+	if ((sftp_realpath(path, resolvedname) == NULL)
 +		|| (RETURN_OK != path_permition_check(resolvedname,FLAG_PERMITOP))) {
 +		if (storage_flag != 1)
 +			send_status(id, errno_to_portable(errno));
@ -750,7 +748,7 @@ index 3fbc1f8..fd42be9 100644
 	} else {
 		Stat s;
 		attrib_clear(&s.attrib);
-@@ -1191,6 +1774,16 @@ process_rename(u_int32_t id)
+@@ -1209,6 +1795,16 @@ process_rename(u_int32_t id)
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -767,7 +765,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: rename", id);
 	logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
 	status = SSH2_FX_FAILURE;
-@@ -1250,6 +1843,14 @@ process_readlink(u_int32_t id)
+@@ -1268,6 +1864,14 @@ process_readlink(u_int32_t id)
 	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -782,7 +780,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: readlink", id);
 	verbose("readlink \"%s\"", path);
 	if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
-@@ -1275,6 +1876,16 @@ process_symlink(u_int32_t id)
+@@ -1293,6 +1897,16 @@ process_symlink(u_int32_t id)
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -799,7 +797,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: symlink", id);
 	logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
 	/* this will fail if 'newpath' exists */
-@@ -1295,6 +1906,16 @@ process_extended_posix_rename(u_int32_t id)
+@@ -1313,6 +1927,16 @@ process_extended_posix_rename(u_int32_t id)
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -816,7 +814,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: posix-rename", id);
 	logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
 	r = rename(oldpath, newpath);
-@@ -1313,6 +1934,15 @@ process_extended_statvfs(u_int32_t id)
+@@ -1331,6 +1955,15 @@ process_extended_statvfs(u_int32_t id)
 	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -832,7 +830,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: statvfs", id);
 	logit("statvfs \"%s\"", path);
-@@ -1331,6 +1961,17 @@ process_extended_fstatvfs(u_int32_t id)
+@@ -1349,6 +1982,17 @@ process_extended_fstatvfs(u_int32_t id)
 	if ((r = get_handle(iqueue, &handle)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -850,7 +848,7 @@ index 3fbc1f8..fd42be9 100644
 	debug("request %u: fstatvfs \"%s\" (handle %u)",
 	    id, handle_to_name(handle), handle);
 	if ((fd = handle_to_fd(handle)) < 0) {
-@@ -1353,6 +1994,15 @@ process_extended_hardlink(u_int32_t id)
+@@ -1371,6 +2015,15 @@ process_extended_hardlink(u_int32_t id)
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -866,7 +864,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: hardlink", id);
 	logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath);
 	r = link(oldpath, newpath);
-@@ -1369,6 +2019,17 @@ process_extended_fsync(u_int32_t id)
+@@ -1387,6 +2040,17 @@ process_extended_fsync(u_int32_t id)
 	if ((r = get_handle(iqueue, &handle)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -884,7 +882,7 @@ index 3fbc1f8..fd42be9 100644
 	debug3("request %u: fsync (handle %u)", id, handle);
 	verbose("fsync \"%s\"", handle_to_name(handle));
 	if ((fd = handle_to_fd(handle)) < 0)
-@@ -1606,6 +2267,22 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw, int reset_handle
+@@ -1672,6 +2336,22 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw, int reset_handle
 	log_init_handler(__progname, log_level, log_facility, log_stderr, reset_handler);
@ -908,4 +906,5 @@ index 3fbc1f8..fd42be9 100644
 	 * On platforms where we can, avoid making /proc/self/{mem,maps}
 	 * available to the user so that sftp access doesn't automatically
 -- 
-1.8.3.1
+2.23.0
--- a/in-pick_salt-avoid-dereference-of-NULL-passwords.patch
+++ b/in-pick_salt-avoid-dereference-of-NULL-passwords.patch
@ -1,30 +0,0 @@
 From d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Wed, 10 Oct 2018 14:57:00 +1100
 Subject: [PATCH 064/294] in pick_salt() avoid dereference of NULL passwords
 Apparently some NIS implementations can leave pw->pw_passwd (or the
 shadow equivalent) NULL.
 bz#2909; based on patch from Todd Eigenschink
 ---
 openbsd-compat/xcrypt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
 index c9c6283..360b187 100644
 --- a/openbsd-compat/xcrypt.c
 +++ b/openbsd-compat/xcrypt.c
@@ -82,7 +82,8 @@ pick_salt(void)
 	strlcpy(salt, "xx", sizeof(salt));
 	setpwent();
 	while ((pw = getpwent()) != NULL) {
 -		passwd = shadow_pw(pw);
 +		if ((passwd = shadow_pw(pw)) == NULL)
 +			continue;
 		if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
 			typelen = p - passwd + 1;
 			strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
 -- 
 1.8.3.1
--- a/openssh-5.1p1-askpass-progress.patch
+++ b/openssh-5.1p1-askpass-progress.patch
@ -9,7 +9,7 @@ diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress openssh-7.4p1/contr
 #include <gtk/gtk.h>
 #include <gdk/gdkx.h>
-@@ -81,13 +82,24 @@ ok_dialog(GtkWidget *entry, gpointer dia
+@@ -81,14 +82,25 @@ ok_dialog(GtkWidget *entry, gpointer dia
 	gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
 }
@ -25,57 +25,54 @@ diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress openssh-7.4p1/contr
 +}
 +
 static int
- passphrase_dialog(char *message)
+ passphrase_dialog(char *message, int prompt_type)
 {
 	const char *failed;
 	char *passphrase, *local;
 	int result, grab_tries, grab_server, grab_pointer;
 	int buttons, default_response;
 -	GtkWidget *parent_window, *dialog, *entry;
 +	GtkWidget *parent_window, *dialog, *entry, *progress, *hbox;
 	GdkGrabStatus status;
 	grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
-@@ -104,14 +116,32 @@ passphrase_dialog(char *message)
+@@ -104,16 +116,37 @@ passphrase_dialog(char *message)
- 					"%s",
+ 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
 					message);
-+	hbox = gtk_hbox_new(FALSE, 0);
+ 	if (prompt_type == PROMPT_ENTRY) {
-+	gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
+		hbox = gtk_hbox_new(FALSE, 0);
-+	    FALSE, 0);
+		gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
-+	gtk_widget_show(hbox);
+		    FALSE, 0);
 +		gtk_widget_show(hbox);
 +
- 	entry = gtk_entry_new();
+		entry = gtk_entry_new();
- 	gtk_box_pack_start(
+		gtk_box_pack_start(
-	    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
+-		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
-	    FALSE, FALSE, 0);
+-		    entry, FALSE, FALSE, 0);
-+	    GTK_BOX(hbox), entry,
+		    GTK_BOX(hbox), entry,
-+	    TRUE, FALSE, 0);
+		    TRUE, FALSE, 0);
-+	gtk_entry_set_width_chars(GTK_ENTRY(entry), 2);
+		gtk_entry_set_width_chars(GTK_ENTRY(entry), 2);
- 	gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ 		gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
- 	gtk_widget_grab_focus(entry);
+ 		gtk_widget_grab_focus(entry);
- 	gtk_widget_show(entry);
+ 		gtk_widget_show(entry);
- 
+ 		/* Make <enter> close dialog */
-+	hbox = gtk_hbox_new(FALSE, 0);
+ 		g_signal_connect(G_OBJECT(entry), "activate",
-+	gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
+ 				 G_CALLBACK(ok_dialog), dialog);
 +
 +		hbox = gtk_hbox_new(FALSE, 0);
 +		gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
 +	    FALSE, 8);
-+	gtk_widget_show(hbox);
+		gtk_widget_show(hbox);
 +
-+	progress = gtk_progress_bar_new();
+		progress = gtk_progress_bar_new();
 +
-+	gtk_progress_bar_set_text(GTK_PROGRESS_BAR(progress), "Passphrase length hidden intentionally");
+		gtk_progress_bar_set_text(GTK_PROGRESS_BAR(progress), "Passphrase length hidden intentionally");
-+	gtk_box_pack_start(GTK_BOX(hbox), progress, TRUE,
+		gtk_box_pack_start(GTK_BOX(hbox), progress, TRUE,
-+	    TRUE, 5);
+		    TRUE, 5);
-+	gtk_widget_show(progress);
+		gtk_widget_show(progress);
 +		g_signal_connect(G_OBJECT(entry), "changed",
 +				 G_CALLBACK(move_progress), progress);
 +
- 	gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
+ 	}
 	gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
@@ -120,6 +150,8 @@ passphrase_dialog(char *message)
 	gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
 	g_signal_connect(G_OBJECT(entry), "activate",
 			 G_CALLBACK(ok_dialog), dialog);
 +	g_signal_connect(G_OBJECT(entry), "changed",
 +			 G_CALLBACK(move_progress), progress);
 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
 	/* Grab focus */
--- a/openssh-5.9p1-wIm.patch
+++ b/openssh-5.9p1-wIm.patch
@ -1,78 +0,0 @@
 diff -up openssh-5.9p1/Makefile.in.wIm openssh-5.9p1/Makefile.in
 --- openssh-5.9p1/Makefile.in.wIm	2011-08-05 22:15:18.000000000 +0200
 +++ openssh-5.9p1/Makefile.in	2011-09-12 16:24:18.643674014 +0200
@@ -66,7 +66,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
 	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
 	compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
 	log.o match.o md-sha256.o moduli.o nchan.o packet.o \
 -	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
 +	readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \
 	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
 	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
 diff -up openssh-5.9p1/log.h.wIm openssh-5.9p1/log.h
 --- openssh-5.9p1/log.h.wIm	2011-06-20 06:42:23.000000000 +0200
 +++ openssh-5.9p1/log.h	2011-09-12 16:34:52.984674326 +0200
@@ -65,6 +65,8 @@ void     verbose(const char *, ...) __at
 void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
 void     debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
 void     debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
 +void	 _debug_wIm_body(const char *, int, const char *, const char *, int);
 +#define	debug_wIm(a,b) _debug_wIm_body(a,b,__func__,__FILE__,__LINE__)
 void	 set_log_handler(log_handler_fn *, void *);
 diff -up openssh-5.9p1/sshd.c.wIm openssh-5.9p1/sshd.c
 --- openssh-5.9p1/sshd.c.wIm	2011-06-23 11:45:51.000000000 +0200
 +++ openssh-5.9p1/sshd.c	2011-09-12 16:38:35.787816490 +0200
@@ -140,6 +140,9 @@ int deny_severity;
 extern char *__progname;
 +/* trace of fork processes */
 +extern int whereIam;
 +
 /* Server configuration options. */
 ServerOptions options;
@@ -666,6 +669,7 @@ privsep_preauth(Authctxt *authctxt)
 		return 1;
 	} else {
 		/* child */
 +		whereIam = 1;
 		close(pmonitor->m_sendfd);
 		close(pmonitor->m_log_recvfd);
@@ -715,6 +719,7 @@ privsep_postauth(Authctxt *authctxt)
 	/* child */
 +	whereIam = 2;
 	close(pmonitor->m_sendfd);
 	pmonitor->m_sendfd = -1;
@@ -1325,6 +1330,8 @@ main(int ac, char **av)
 	Key *key;
 	Authctxt *authctxt;
 +	whereIam = 0;
 +
 #ifdef HAVE_SECUREWARE
 	(void)set_auth_parameters(ac, av);
 #endif
 diff -up openssh-5.9p1/whereIam.c.wIm openssh-5.9p1/whereIam.c
 --- openssh-5.9p1/whereIam.c.wIm	2011-09-12 16:24:18.722674167 +0200
 +++ openssh-5.9p1/whereIam.c	2011-09-12 16:24:18.724674418 +0200
@@ -0,0 +1,12 @@
 +
 +int whereIam = -1;
 +
 +void _debug_wIm_body(const char *txt, int val, const char *func, const char *file, int line)
 +{
 +	if (txt)
 +		debug("%s=%d, %s(%s:%d) wIm = %d, uid=%d, euid=%d", txt, val, func, file, line, whereIam, getuid(), geteuid());
 +	else
 +		debug("%s(%s:%d) wIm = %d, uid=%d, euid=%d", func, file, line, whereIam, getuid(), geteuid());
 +}
 +
 +
--- a/openssh-6.1p1-gssapi-canohost.patch
+++ b/openssh-6.1p1-gssapi-canohost.patch
@ -1,21 +0,0 @@
 diff -up openssh-6.1p1/sshconnect2.c.canohost openssh-6.1p1/sshconnect2.c
 --- openssh-6.1p1/sshconnect2.c.canohost	2012-10-30 10:52:59.593301692 +0100
 +++ openssh-6.1p1/sshconnect2.c	2012-10-30 11:01:12.870301632 +0100
@@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt)
 	static u_int mech = 0;
 	OM_uint32 min;
 	int r, ok = 0;
 -	const char *gss_host;
 +	const char *gss_host = NULL;
 	if (options.gss_server_identity)
 		gss_host = options.gss_server_identity;
 -	else if (options.gss_trust_dns)
 +	else if (options.gss_trust_dns) {
 		gss_host = get_canonical_hostname(active_state, 1);
 +		if (strcmp(gss_host, "UNKNOWN") == 0)
 +			gss_host = authctxt->host;
 +	}
 	else
 		gss_host = authctxt->host;
--- a/openssh-6.2p1-vendor.patch
+++ b/openssh-6.2p1-vendor.patch
@ -1,142 +0,0 @@
 diff -up openssh-7.4p1/configure.ac.vendor openssh-7.4p1/configure.ac
 --- openssh-7.4p1/configure.ac.vendor	2016-12-23 13:34:51.681253844 +0100
 +++ openssh-7.4p1/configure.ac	2016-12-23 13:34:51.694253847 +0100
@@ -4930,6 +4930,12 @@ AC_ARG_WITH([lastlog],
 		fi
 	]
 )
 +AC_ARG_ENABLE(vendor-patchlevel,
 +  [  --enable-vendor-patchlevel=TAG  specify a vendor patch level],
 +  [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
 +   SSH_VENDOR_PATCHLEVEL="$enableval"],
 +  [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
 +   SSH_VENDOR_PATCHLEVEL=none])
 dnl lastlog, [uw]tmpx? detection
 dnl  NOTE: set the paths in the platform section to avoid the
@@ -5194,6 +5200,7 @@ echo "           Translate v4 in v6 hack
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
 echo "              Random number source: $RAND_MSG"
 echo "             Privsep sandbox style: $SANDBOX_STYLE"
 +echo "                Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
 echo ""
 diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
 --- openssh-7.4p1/servconf.c.vendor	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/servconf.c	2016-12-23 13:36:07.555268628 +0100
@@ -143,6 +143,7 @@ initialize_server_options(ServerOptions
 	options->max_authtries = -1;
 	options->max_sessions = -1;
 	options->banner = NULL;
 +	options->show_patchlevel = -1;
 	options->use_dns = -1;
 	options->client_alive_interval = -1;
 	options->client_alive_count_max = -1;
@@ -325,6 +326,8 @@ fill_default_server_options(ServerOption
 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
 	if (options->version_addendum == NULL)
 		options->version_addendum = xstrdup("");
 +	if (options->show_patchlevel == -1)
 +		options->show_patchlevel = 0;
 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
 		options->fwd_opts.streamlocal_bind_mask = 0177;
 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
@@ -402,7 +405,7 @@ typedef enum {
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
 	sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
 -	sBanner, sUseDNS, sHostbasedAuthentication,
 +	sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
 	sHostKeyAlgorithms,
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
@@ -528,6 +531,7 @@ static struct {
 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
 	{ "banner", sBanner, SSHCFG_ALL },
 +	{ "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
@@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions
 		intptr = &options->disable_forwarding;
 		goto parse_flag;
 +	case sShowPatchLevel:
 +		intptr = &options->show_patchlevel;
 +		goto parse_flag;
 +
 	case sAllowUsers:
 		while ((arg = strdelim(&cp)) && *arg != '\0') {
 			if (match_user(NULL, NULL, NULL, arg) == -1)
@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
 	dump_cfg_fmtint(sCompression, o->compression);
 	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
 +	dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
 	dump_cfg_fmtint(sUseDNS, o->use_dns);
 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
 	dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
 diff -up openssh-7.4p1/servconf.h.vendor openssh-7.4p1/servconf.h
 --- openssh-7.4p1/servconf.h.vendor	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/servconf.h	2016-12-23 13:34:51.694253847 +0100
@@ -149,6 +149,7 @@ typedef struct {
 	int	max_authtries;
 	int	max_sessions;
 	char   *banner;			/* SSH-2 banner message */
 +	int	show_patchlevel;	/* Show vendor patch level to clients */
 	int	use_dns;
 	int	client_alive_interval;	/*
 					 * poke the client this often to
 diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5
 --- openssh-7.4p1/sshd_config.5.vendor	2016-12-23 13:34:51.695253847 +0100
 +++ openssh-7.4p1/sshd_config.5	2016-12-23 13:37:17.482282253 +0100
@@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as
 .Cm AcceptEnv
 or
 .Cm PermitUserEnvironment .
 +.It Cm ShowPatchLevel 
 +Specifies whether 
 +.Nm sshd 
 +will display the patch level of the binary in the identification string. 
 +The patch level is set at compile-time. 
 +The default is 
 +.Dq no . 
 .It Cm StreamLocalBindMask
 Sets the octal file creation mode mask
 .Pq umask
 diff -up openssh-7.4p1/sshd_config.vendor openssh-7.4p1/sshd_config
 --- openssh-7.4p1/sshd_config.vendor	2016-12-23 13:34:51.690253846 +0100
 +++ openssh-7.4p1/sshd_config	2016-12-23 13:34:51.695253847 +0100
@@ -105,6 +105,7 @@ X11Forwarding yes
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 +#ShowPatchLevel no
 #UseDNS no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c
 --- openssh-7.4p1/sshd.c.vendor	2016-12-23 13:34:51.682253844 +0100
 +++ openssh-7.4p1/sshd.c	2016-12-23 13:38:32.434296856 +0100
@@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh
 	char remote_version[256];	/* Must be at least as big as buf. */
 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
 -	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 +	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
 +	    (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
 	    *options.version_addendum == '\0' ? "" : " ",
 	    options.version_addendum);
@@ -1650,7 +1651,8 @@ main(int ac, char **av)
 		exit(1);
 	}
 -	debug("sshd version %s, %s", SSH_VERSION,
 +	debug("sshd version %s, %s", 
 +		(options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
 #ifdef WITH_OPENSSL
 	    SSLeay_version(SSLEAY_VERSION)
 #else
--- a/openssh-6.6.1p1-log-in-chroot.patch
+++ b/openssh-6.6.1p1-log-in-chroot.patch
@ -46,7 +46,7 @@ diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
 +	pmonitor->m_state = "preauth";
 +
- 	authctxt = _authctxt;
+ 	authctxt = (Authctxt *)ssh->authctxt;
 	memset(authctxt, 0, sizeof(*authctxt));
 	ssh->authctxt = authctxt;
@@ -405,6 +407,8 @@ monitor_child_postauth(struct monitor *p
@ -56,8 +56,8 @@ diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
 +	pmonitor->m_state = "postauth";
 +
 	monitor_set_child_handler(pmonitor->m_pid);
- 	signal(SIGHUP, &monitor_child_handler);
+ 	ssh_signal(SIGHUP, &monitor_child_handler);
- 	signal(SIGTERM, &monitor_child_handler);
+ 	ssh_signal(SIGTERM, &monitor_child_handler);
@@ -472,7 +476,7 @@ monitor_read_log(struct monitor *pmonito
 	if (log_level_name(level) == NULL)
 		fatal("%s: invalid log level %u (corrupted message?)",
@ -113,7 +113,7 @@ diff -up openssh-7.4p1/monitor.h.log-in-chroot openssh-7.4p1/monitor.h
 +void monitor_reinit(struct monitor *, const char *);
 struct Authctxt;
- void monitor_child_preauth(struct Authctxt *, struct monitor *);
+ void monitor_child_preauth(struct ssh *, struct monitor *);
 diff -up openssh-7.4p1/session.c.log-in-chroot openssh-7.4p1/session.c
 --- openssh-7.4p1/session.c.log-in-chroot	2016-12-23 15:14:33.319168086 +0100
 +++ openssh-7.4p1/session.c	2016-12-23 15:18:18.742211853 +0100
@ -210,8 +210,8 @@ diff -up openssh-7.4p1/sftp-server.c.log-in-chroot openssh-7.4p1/sftp-server.c
 	fd_set *rset, *wset;
 	int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
@@ -1511,7 +1511,7 @@ sftp_server_main(int argc, char **argv,
 	extern char *__progname;
 	ssh_malloc_init();	/* must be called before any mallocs */
 	__progname = ssh_get_progname(argv[0]);
 -	log_init(__progname, log_level, log_facility, log_stderr);
 +	log_init_handler(__progname, log_level, log_facility, log_stderr, reset_handler);
--- a/openssh-6.6.1p1-scp-non-existing-directory.patch
+++ b/openssh-6.6.1p1-scp-non-existing-directory.patch
@ -10,5 +10,5 @@
 +		}
 		omode = mode;
 		mode |= S_IWUSR;
- 		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
+ 		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) {
 -- 
--- a/openssh-6.6.1p1-selinux-contexts.patch
+++ b/openssh-6.6.1p1-selinux-contexts.patch
@ -19,7 +19,7 @@ index 8f32464..18a2ca4 100644
 	if (!sshd_selinux_enabled())
 		return;
-@@ -461,6 +462,58 @@ sshd_selinux_copy_context(void)
+@@ -461,6 +462,72 @@ sshd_selinux_copy_context(void)
 	}
 }
@ -30,46 +30,60 @@ index 8f32464..18a2ca4 100644
 +	char line[1024], *preauth_context = NULL, *cp, *arg;
 +	const char *contexts_path;
 +	FILE *contexts_file;
 +	struct stat sb;
 +
 +	contexts_path = selinux_openssh_contexts_path();
-+	if (contexts_path != NULL) {
+	if (contexts_path == NULL) {
-+		if ((contexts_file = fopen(contexts_path, "r")) != NULL) {
+		debug3("%s: Failed to get the path to SELinux context", __func__);
-+			struct stat sb;
+		return;
 +
 +			if (fstat(fileno(contexts_file), &sb) == 0 && ((sb.st_uid == 0) && ((sb.st_mode & 022) == 0))) {
 +				while (fgets(line, sizeof(line), contexts_file)) {
 +					/* Strip trailing whitespace */
 +					for (len = strlen(line) - 1; len > 0; len--) {
 +						if (strchr(" \t\r\n", line[len]) == NULL)
 +							break;
 +						line[len] = '\0';
 +					}
 +
 +					if (line[0] == '\0')
 +						continue;
 +
 +					cp = line;
 +					arg = strdelim(&cp);
 +					if (arg && *arg == '\0')
 +						arg = strdelim(&cp);
 +
 +					if (arg && strcmp(arg, "privsep_preauth") == 0) {
 +						arg = strdelim(&cp);
 +						if (!arg || *arg == '\0') {
 +							debug("%s: privsep_preauth is empty", __func__);
 +							fclose(contexts_file);
 +							return;
 +						}
 +						preauth_context = xstrdup(arg);
 +					}
 +				}
 +			}
 +			fclose(contexts_file);
 +		}
 +	}
 +
-+	if (preauth_context == NULL)
+	if ((contexts_file = fopen(contexts_path, "r")) == NULL) {
-+		preauth_context = xstrdup("sshd_net_t");
+		debug("%s: Failed to open SELinux context file", __func__);
 +		return;
 +	}
 +
 +	if (fstat(fileno(contexts_file), &sb) != 0 ||
 +	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
 +		logit("%s: SELinux context file needs to be owned by root"
 +		    " and not writable by anyone else", __func__);
 +		fclose(contexts_file);
 +		return;
 +	}
 +
 +	while (fgets(line, sizeof(line), contexts_file)) {
 +		/* Strip trailing whitespace */
 +		for (len = strlen(line) - 1; len > 0; len--) {
 +			if (strchr(" \t\r\n", line[len]) == NULL)
 +				break;
 +			line[len] = '\0';
 +		}
 +
 +		if (line[0] == '\0')
 +			continue;
 +
 +		cp = line;
 +		arg = strdelim(&cp);
 +		if (arg && *arg == '\0')
 +			arg = strdelim(&cp);
 +
 +		if (arg && strcmp(arg, "privsep_preauth") == 0) {
 +			arg = strdelim(&cp);
 +			if (!arg || *arg == '\0') {
 +				debug("%s: privsep_preauth is empty", __func__);
 +				fclose(contexts_file);
 +				return;
 +			}
 +			preauth_context = xstrdup(arg);
 +		}
 +	}
 +	fclose(contexts_file);
 +
 +	if (preauth_context == NULL) {
 +		debug("%s: Unable to find 'privsep_preauth' option in"
 +		    " SELinux context file", __func__);
 +		return;
 +	}
 +
 +	ssh_selinux_change_context(preauth_context);
 +	free(preauth_context);
@ -82,14 +96,6 @@ diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
 index 22ea8ef..1fc963d 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
@@ -26,6 +26,7 @@
 #include <stdarg.h>
 #include <string.h>
 #include <stdio.h>
 +#include <stdlib.h>
 #include "log.h"
 #include "xmalloc.h"
@@ -179,7 +179,7 @@ ssh_selinux_change_context(const char *newname)
 	strlcpy(newctx + len, newname, newlen - len);
 	if ((cx = index(cx + 1, ':')))
--- a/openssh-6.6p1-GSSAPIEnablek5users.patch
+++ b/openssh-6.6p1-GSSAPIEnablek5users.patch
@ -22,15 +22,15 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 --- openssh-7.4p1/servconf.c.GSSAPIEnablek5users	2016-12-23 15:18:40.615216100 +0100
 +++ openssh-7.4p1/servconf.c	2016-12-23 15:35:36.354401156 +0100
@@ -168,6 +168,7 @@ initialize_server_options(ServerOptions
 	options->gss_strict_acceptor = -1;
 	options->gss_store_rekey = -1;
 	options->gss_kex_algorithms = NULL;
 	options->use_kuserok = -1;
 +	options->enable_k5users = -1;
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
@@ -345,6 +346,8 @@ fill_default_server_options(ServerOption
- 		options->gss_store_rekey = 0;
+ #endif
 	if (options->use_kuserok == -1)
 		options->use_kuserok = 1;
 +	if (options->enable_k5users == -1)
@ -44,20 +44,22 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 -	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
 +	sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
- 	sGssKeyEx, sGssStoreRekey, sAcceptEnv, sSetEnv, sPermitTunnel,
+ 	sGssKeyEx, sGssKexAlgorithms, sGssStoreRekey,
 	sAcceptEnv, sSetEnv, sPermitTunnel,
 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
- 	sUsePrivilegeSeparation, sAllowAgentForwarding,
+@@ -497,14 +500,16 @@ static struct {
@@ -497,12 +500,14 @@ static struct {
 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
 	{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
 	{ "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
 	{ "gssapikexalgorithms", sGssKexAlgorithms, SSHCFG_GLOBAL },
 +	{ "gssapienablek5users", sGssEnablek5users, SSHCFG_ALL },
 #else
 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapikexalgorithms", sUnsupported, SSHCFG_GLOBAL },
 +	{ "gssapienablek5users", sUnsupported, SSHCFG_ALL },
 #endif
 	{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
@ -83,7 +85,7 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 	M_CP_INTOPT(log_level);
@@ -2320,6 +2330,7 @@ dump_config(ServerOptions *o)
 # endif
- 	dump_cfg_fmtint(sKerberosUniqueTicket, o->kerberos_unique_ticket);
+ 	dump_cfg_fmtint(sKerberosUniqueCCache, o->kerberos_unique_ccache);
 	dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
 +	dump_cfg_fmtint(sGssEnablek5users, o->enable_k5users);
 #endif
@ -93,7 +95,7 @@ diff -up openssh-7.4p1/servconf.h.GSSAPIEnablek5users openssh-7.4p1/servconf.h
 --- openssh-7.4p1/servconf.h.GSSAPIEnablek5users	2016-12-23 15:18:40.616216100 +0100
 +++ openssh-7.4p1/servconf.h	2016-12-23 15:18:40.629216102 +0100
@@ -174,6 +174,7 @@ typedef struct {
-	int     kerberos_unique_ticket;		/* If true, the aquired ticket will
+	int     kerberos_unique_ccache;		/* If true, the acquired ticket will
 						 * be stored in per-session ccache */
 	int	use_kuserok;
 +	int		enable_k5users;
@ -120,7 +122,7 @@ diff -up openssh-7.4p1/sshd_config.GSSAPIEnablek5users openssh-7.4p1/sshd_config
 --- openssh-7.4p1/sshd_config.GSSAPIEnablek5users	2016-12-23 15:18:40.616216100 +0100
 +++ openssh-7.4p1/sshd_config	2016-12-23 15:18:40.631216103 +0100
@@ -80,6 +80,7 @@ GSSAPIAuthentication yes
- GSSAPICleanupCredentials no
+ #GSSAPICleanupCredentials yes
 #GSSAPIStrictAcceptorCheck yes
 #GSSAPIKeyExchange no
 +#GSSAPIEnablek5users no
--- a/openssh-6.6p1-ctr-cavstest.patch
+++ b/openssh-6.6p1-ctr-cavstest.patch
@ -7,14 +7,14 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
 SSH_KEYCAT=$(libexecdir)/ssh-keycat
 +CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
 SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
@@ -66,7 +67,7 @@ EXEEXT=@EXEEXT@
 MKDIR_P=@MKDIR_P@
 INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
+ .SUFFIXES: .lo
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
+ 
 -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
 +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
 XMSS_OBJS=\
 	ssh-xmss.o \
@ -25,8 +25,8 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
 +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
 +	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
 +
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
- 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -326,6 +330,7 @@ install-files:
 		$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
@ -187,7 +187,7 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
 +                usage();
 +        }
 +
-+	SSLeay_add_all_algorithms();
+	OpenSSL_add_all_algorithms();
 +
 +	c = cipher_by_name(algo);
 +	if (c == NULL) {
--- a/openssh-6.6p1-force_krb.patch
+++ b/openssh-6.6p1-force_krb.patch
@ -235,9 +235,9 @@ index 28659ec..9c94d8e 100644
 +#endif
 +#endif
 +
 	s->forced = 0;
 	if (forced != NULL) {
- 		if (IS_INTERNAL_SFTP(command)) {
+ 		s->forced = 1;
 			s->is_subsystem = s->is_subsystem ?
 diff --git a/ssh-gss.h b/ssh-gss.h
 index 0374c88..509109a 100644
 --- a/ssh-gss.h
--- a/openssh-6.6p1-keycat.patch
+++ b/openssh-6.6p1-keycat.patch
@ -41,22 +41,22 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
 SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
 +SSH_KEYCAT=$(libexecdir)/ssh-keycat
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
 SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
@@ -52,6 +52,7 @@ K5LIBS=@K5LIBS@
 GSSLIBS=@GSSLIBS@
 SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 +KEYCATLIBS=@KEYCATLIBS@
 LIBEDIT=@LIBEDIT@
 LIBFIDO2=@LIBFIDO2@
 AR=@AR@
 AWK=@AWK@
@@ -65,7 +66,7 @@ EXEEXT=@EXEEXT@
 MKDIR_P=@MKDIR_P@
 INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+ .SUFFIXES: .lo
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
+ 
 -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT)
 +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
 XMSS_OBJS=\
 	ssh-xmss.o \
@ -67,8 +67,8 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
 +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
 +	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
 +
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
- 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -321,6 +325,7 @@ install-files:
 		$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
--- a/openssh-6.6p1-keyperm.patch
+++ b/openssh-6.6p1-keyperm.patch
@ -1,8 +1,7 @@
-diff --git a/authfile.c b/authfile.c
+diff -up openssh-8.2p1/authfile.c.keyperm openssh-8.2p1/authfile.c
-index e93d867..4fc5b3d 100644
+--- openssh-8.2p1/authfile.c.keyperm	2020-02-14 01:40:54.000000000 +0100
--- a/authfile.c
+++ openssh-8.2p1/authfile.c	2020-02-17 11:55:12.841729758 +0100
-+++ b/authfile.c
+@@ -31,6 +31,7 @@
@@ -32,6 +32,7 @@
 #include <errno.h>
 #include <fcntl.h>
@ -10,17 +9,23 @@ index e93d867..4fc5b3d 100644
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdlib.h>
-@@ -207,6 +208,13 @@ sshkey_perm_ok(int fd, const char *filename)
+@@ -101,7 +102,19 @@ sshkey_perm_ok(int fd, const char *filen
 #ifdef HAVE_CYGWIN
 	if (check_ntsec(filename))
 #endif
 +	if (st.st_mode & 040) {
 +		struct group *gr;
 +
 +		if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid))
 +			st.st_mode &= ~040;
 +	}
 +
 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
 +		if (st.st_mode & 040) {
 +			struct group *gr;
 +
 +			if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) {
 +				/* The only additional bit is read
 +				 * for ssh_keys group, which is fine */
 +				if ((st.st_mode & 077) == 040 ) {
 +					return 0;
 +				}
 +			}
 +		}
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
--- a/openssh-6.6p1-kuserok.patch
+++ b/openssh-6.6p1-kuserok.patch
@ -176,17 +176,17 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
 --- openssh-7.4p1/servconf.c.kuserok	2016-12-23 14:36:07.630465944 +0100
 +++ openssh-7.4p1/servconf.c	2016-12-23 15:11:52.278133344 +0100
@@ -116,6 +116,7 @@ initialize_server_options(ServerOptions
 	options->gss_cleanup_creds = -1;
 	options->gss_strict_acceptor = -1;
 	options->gss_store_rekey = -1;
 	options->gss_kex_algorithms = NULL;
 +	options->use_kuserok = -1;
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
@@ -278,6 +279,8 @@ fill_default_server_options(ServerOption
- 		options->gss_strict_acceptor = 1;
+ 	if (options->gss_kex_algorithms == NULL)
- 	if (options->gss_store_rekey == -1)
+ 		options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
- 		options->gss_store_rekey = 0;
+ #endif
 +	if (options->use_kuserok == -1)
 +		options->use_kuserok = 1;
 	if (options->password_authentication == -1)
@ -196,28 +196,28 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
 	sPermitRootLogin, sLogFacility, sLogLevel,
 	sRhostsRSAAuthentication, sRSAAuthentication,
 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-	sKerberosGetAFSToken, sKerberosUniqueTicket,
+-	sKerberosGetAFSToken, sKerberosUniqueCCache,
-+	sKerberosGetAFSToken, sKerberosUniqueTicket, sKerberosUseKuserok,
+	sKerberosGetAFSToken, sKerberosUniqueCCache, sKerberosUseKuserok,
 	sChallengeResponseAuthentication,
 	sPasswordAuthentication, sKbdInteractiveAuthentication,
 	sListenAddress, sAddressFamily,
@@ -478,12 +481,14 @@ static struct {
 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
 #endif
- 	{ "kerberosuniqueticket", sKerberosUniqueTicket, SSHCFG_GLOBAL },
+ 	{ "kerberosuniqueccache", sKerberosUniqueCCache, SSHCFG_GLOBAL },
 +	{ "kerberosusekuserok", sKerberosUseKuserok, SSHCFG_ALL },
 #else
 	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
 	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
 	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
- 	{ "kerberosuniqueticket", sUnsupported, SSHCFG_GLOBAL },
+ 	{ "kerberosuniqueccache", sUnsupported, SSHCFG_GLOBAL },
 +	{ "kerberosusekuserok", sUnsupported, SSHCFG_ALL },
 #endif
 	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
@@ -1644,6 +1649,10 @@ process_server_config_line(ServerOptions
- 		*activep = value;
+ 		*activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
 		break;
 +	case sKerberosUseKuserok:
@ -238,7 +238,7 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
@@ -2309,6 +2319,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
 # endif
- 	dump_cfg_fmtint(sKerberosUniqueTicket, o->kerberos_unique_ticket);
+ 	dump_cfg_fmtint(sKerberosUniqueCCache, o->kerberos_unique_ccache);
 +	dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
 #endif
 #ifdef GSSAPI
@ -248,7 +248,7 @@ diff -up openssh-7.4p1/servconf.h.kuserok openssh-7.4p1/servconf.h
 +++ openssh-7.4p1/servconf.h	2016-12-23 14:36:07.645465936 +0100
@@ -118,6 +118,7 @@ typedef struct {
 						 * authenticated with Kerberos. */
- 	int     kerberos_unique_ticket;		/* If true, the aquired ticket will
+ 	int     kerberos_unique_ccache;		/* If true, the acquired ticket will
 						 * be stored in per-session ccache */
 +	int	use_kuserok;
 	int     gss_authentication;	/* If true, permit GSSAPI authentication */
@ -258,9 +258,9 @@ diff -up openssh-7.4p1/sshd_config.5.kuserok openssh-7.4p1/sshd_config.5
 --- openssh-7.4p1/sshd_config.5.kuserok	2016-12-23 14:36:07.637465940 +0100
 +++ openssh-7.4p1/sshd_config.5	2016-12-23 15:14:03.117162222 +0100
@@ -850,6 +850,10 @@ Specifies whether to automatically destr
- tickets aquired in different sessions of the same user.
+ .Cm no
- The default is
+ can lead to overwriting previous tickets by subseqent connections to the same
- .Cm no .
+ user account.
 +.It Cm KerberosUseKuserok
 +Specifies whether to look at .k5login file for user's aliases.
 +The default is
@ -286,4 +286,4 @@ diff -up openssh-7.4p1/sshd_config.kuserok openssh-7.4p1/sshd_config
 +#KerberosUseKuserok yes
 # GSSAPI options
- GSSAPIAuthentication yes
+ #GSSAPIAuthentication no
--- a/openssh-6.6p1-privsep-selinux.patch
+++ b/openssh-6.6p1-privsep-selinux.patch
@ -25,15 +25,15 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux openssh-
 +		return;
 +
 +	if (getexeccon((security_context_t *)&ctx) != 0) {
-+		logit("%s: getcon failed with %s", __func__, strerror (errno));
+		logit("%s: getexeccon failed with %s", __func__, strerror(errno));
 +		return;
 +	}
 +	if (ctx != NULL) {
 +		/* unset exec context before we will lose this capabililty */
 +		if (setexeccon(NULL) != 0)
-+			fatal("%s: setexeccon failed with %s", __func__, strerror (errno));
+			fatal("%s: setexeccon failed with %s", __func__, strerror(errno));
 +		if (setcon(ctx) != 0)
-+			fatal("%s: setcon failed with %s", __func__, strerror (errno));
+			fatal("%s: setcon failed with %s", __func__, strerror(errno));
 +		freecon(ctx);
 +	}
 +}
--- a/openssh-6.7p1-coverity.patch
+++ b/openssh-6.7p1-coverity.patch
@ -20,7 +20,7 @@ diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
 --- openssh-7.4p1/monitor.c.coverity	2016-12-23 16:40:26.888788688 +0100
 +++ openssh-7.4p1/monitor.c	2016-12-23 16:40:26.900788691 +0100
@@ -411,7 +411,7 @@ monitor_child_preauth(Authctxt *_authctx
- 	mm_get_keystate(pmonitor);
+ 	mm_get_keystate(ssh, pmonitor);
 	/* Drain any buffered messages from the child */
 -	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
@ -124,23 +124,23 @@ diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
 }
@@ -518,7 +518,7 @@ server_request_tun(void)
 		debug("%s: invalid tun", __func__);
 		goto done;
 	}
 	tun = packet_get_int();
 -	if (auth_opts->force_tun_device != -1) {
 +	if (auth_opts->force_tun_device >= 0) {
- 		if (tun != SSH_TUNID_ANY && auth_opts->force_tun_device != tun)
+ 		if (tun != SSH_TUNID_ANY &&
 		    auth_opts->force_tun_device != (int)tun)
 			goto done;
 		tun = auth_opts->force_tun_device;
 diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
 --- openssh-7.4p1/sftp.c.coverity	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/sftp.c	2016-12-23 16:40:26.903788691 +0100
@@ -224,7 +224,7 @@ killchild(int signo)
- {
+ 	pid = sshpid;
- 	if (sshpid > 1) {
+ 	if (pid > 1) {
- 		kill(sshpid, SIGTERM);
+ 		kill(pid, SIGTERM);
-		waitpid(sshpid, NULL, 0);
+-		waitpid(pid, NULL, 0);
-+		(void) waitpid(sshpid, NULL, 0);
+		(void) waitpid(pid, NULL, 0);
 	}
 	_exit(1);
@ -163,7 +163,7 @@ diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
 +++ openssh-7.4p1/sshd.c	2016-12-23 16:40:26.904788692 +0100
@@ -691,8 +691,10 @@ privsep_preauth(Authctxt *authctxt)
- 		privsep_preauth_child();
+ 		privsep_preauth_child(ssh);
 		setproctitle("%s", "[net]");
 -		if (box != NULL)
 +		if (box != NULL) {
@ -174,8 +174,8 @@ diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
 		return 0;
 	}
@@ -1386,6 +1388,9 @@ server_accept_loop(int *sock_in, int *so
- 		if (num_listen_socks < 0)
+ 			explicit_bzero(rnd, sizeof(rnd));
- 			break;
+ 		}
 	}
 +
 +	if (fdset != NULL)
--- a/openssh-6.7p1-kdf-cavs.patch
+++ b/openssh-6.7p1-kdf-cavs.patch
@ -7,14 +7,14 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
 CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
 +SSH_CAVS=$(libexecdir)/ssh-cavs
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
 SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
@@ -67,7 +68,7 @@ EXEEXT=@EXEEXT@
 MKDIR_P=@MKDIR_P@
 INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
+ .SUFFIXES: .lo
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT) ssh-cavs$(EXEEXT)
+ 
 -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
 +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT) ssh-cavs$(EXEEXT)
 XMSS_OBJS=\
 	ssh-xmss.o \
@ -22,11 +22,11 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
 ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
-+ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
+ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o $(SKOBJS)
-+	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+	$(LD) -o $@ ssh-cavs.o $(SKOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 +
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
- 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -331,6 +335,8 @@ install-files:
 	fi
@ -40,7 +40,7 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
 diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
 --- openssh-6.8p1/ssh-cavs.c.kdf-cavs	2015-03-18 11:23:46.348049354 +0100
 +++ openssh-6.8p1/ssh-cavs.c	2015-03-18 11:23:46.348049354 +0100
-@@ -0,0 +1,377 @@
+@@ -0,0 +1,387 @@
 +/*
 + * Copyright (C) 2015, Stephan Mueller <smueller@chronox.de>
 + *
@ -208,6 +208,7 @@ diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
 +{
 +	int ret = 0;
 +	struct kex kex;
 +	struct sshbuf *Kb = NULL;
 +	BIGNUM *Kbn = NULL;
 +	int mode = 0;
 +	struct newkeys *ctoskeys;
@ -222,10 +223,17 @@ diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
 +	Kbn = BN_new();
 +	BN_bin2bn(test->K, test->Klen, Kbn);
 +	if (!Kbn) {
-+		printf("cannot convert K into BIGNUM\n");
+		printf("cannot convert K into bignum\n");
 +		ret = 1;
 +		goto out;
 +	}
 +	Kb = sshbuf_new();
 +	if (!Kb) {
 +		printf("cannot convert K into sshbuf\n");
 +		ret = 1;
 +		goto out;
 +	}
 +	sshbuf_put_bignum2(Kb, Kbn);
 +
 +	kex.session_id = test->session_id;
 +	kex.session_id_len = test->session_id_len;
@ -285,7 +293,7 @@ diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
 +		goto out;
 +	}
 +	ssh->kex = &kex;
-+	kex_derive_keys_bn(ssh, test->H, test->Hlen, Kbn);
+	kex_derive_keys(ssh, test->H, test->Hlen, Kb);
 +
 +	ctoskeys = kex.newkeys[0];
 +	stockeys = kex.newkeys[1];
@ -321,6 +329,8 @@ diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
 +out:
 +	if (Kbn)
 +		BN_free(Kbn);
 +	if (Kb)
 +		sshbuf_free(Kb);
 +	if (ssh)
 +		ssh_packet_close(ssh);
 +	return ret;
--- a/openssh-6.7p1-ldap.patch
+++ b/openssh-6.7p1-ldap.patch
@ -134,52 +134,54 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
 +SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
 +SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
 SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
@@ -50,6 +50,7 @@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 PICFLAG=@PICFLAG@
 LIBS=@LIBS@
 +LDAPLIBS=@LDAPLIBS@
 K5LIBS=@K5LIBS@
 GSSLIBS=@GSSLIBS@
 SSHLIBS=@SSHLIBS@
-@@ -61,8 +63,9 @@ XAUTH_PATH=@XAUTH_PATH@
+@@ -61,10 +63,11 @@ XAUTH_PATH=@XAUTH_PATH@
 EXEEXT=@EXEEXT@
 MANFMT=@MANFMT@
 MKDIR_P=@MKDIR_P@
 +INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
+ .SUFFIXES: .lo
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+ 
 -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
 +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT)
 XMSS_OBJS=\
 	ssh-xmss.o \
@@ -112,8 +115,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 	sandbox-solaris.o uidswap.o
-MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+ SFTP_OBJS=	sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
-MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+ 
-+MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap-helper.8.out ssh-ldap.conf.5.out
+-MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out
-+MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 ssh-ldap-helper.8 ssh-ldap.conf.5
+-MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5
 +MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap-helper.8.out ssh-ldap.conf.5.out
 +MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5 ssh-ldap-helper.8 ssh-ldap.conf.5
 MANTYPE		= @MANTYPE@
 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -184,6 +187,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
- ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
+ ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
- 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ 	$(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2)
 +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
 +	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
 +
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
- 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -311,6 +317,10 @@ install-files:
 	$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
 	$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
 +	if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
 +		$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
 +		$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
@ -188,9 +190,9 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
 	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
@@ -327,6 +337,10 @@ install-files:
 	$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
 	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
 	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 	$(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
 +	if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
 +		$(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
 +		$(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
@ -213,18 +215,18 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
 host-key: ssh-keygen$(EXEEXT)
 	@if [ -z "$(DESTDIR)" ] ; then \
@@ -419,6 +440,8 @@ uninstall:
 	-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
 	-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
 	-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
 	-rm -f $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
 +	-rm -f $(DESTDIR)$(SSH_LDAP_HELPER)$(EXEEXT)
 +	-rm -f $(DESTDIR)$(SSH_LDAP_WRAPPER)$(EXEEXT)
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@@ -430,6 +453,7 @@ uninstall:
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
 +	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
 regress-prep:
@ -233,8 +235,8 @@ diff -up openssh-6.8p1/configure.ac.ldap openssh-6.8p1/configure.ac
 --- openssh-6.8p1/configure.ac.ldap	2015-03-17 06:49:20.000000000 +0100
 +++ openssh-6.8p1/configure.ac	2015-03-18 11:11:29.030801464 +0100
@@ -1605,6 +1605,110 @@ if test "x$use_pie" != "xno"; then
- 	fi
+ CFLAGS="$SAVED_CFLAGS"
- fi
+ AC_SUBST([PICFLAG])
 +# Check whether user wants LDAP support
 +LDAP_MSG="no"
@ -331,7 +333,7 @@ diff -up openssh-6.8p1/configure.ac.ldap openssh-6.8p1/configure.ac
 +					[ac_cv_ldap_set_rebind_proc=3],
 +					[ac_cv_ldap_set_rebind_proc=2])
 +				AC_MSG_RESULT($ac_cv_ldap_set_rebind_proc)
-+				AC_DEFINE(LDAP_SET_REBIND_PROC_ARGS, $ac_cv_ldap_set_rebind_proc, [number arguments of ldap_set_rebind_proc])
+				AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $ac_cv_ldap_set_rebind_proc, [number arguments of ldap_set_rebind_proc])
 +			)
 +			LIBS="$saved_LIBS"
 +		fi
@ -646,7 +648,7 @@ diff -up openssh-6.8p1/ldap.conf.ldap openssh-6.8p1/ldap.conf
 diff -up openssh-6.8p1/ldapbody.c.ldap openssh-6.8p1/ldapbody.c
 --- openssh-6.8p1/ldapbody.c.ldap	2015-03-18 11:11:29.031801462 +0100
 +++ openssh-6.8p1/ldapbody.c	2015-03-18 11:11:29.031801462 +0100
-@@ -0,0 +1,494 @@
+@@ -0,0 +1,499 @@
 +/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
 + * Copyright (c) 2009 Jan F. Chadima.  All rights reserved.
@ -708,7 +710,11 @@ diff -up openssh-6.8p1/ldapbody.c.ldap openssh-6.8p1/ldapbody.c
 +
 +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
 +static int
 +#if LDAP_API_VERSION > 3000
 +_rebind_proc (LDAP * ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params)
 +#else
 +_rebind_proc (LDAP * ld, LDAP_CONST char *url, int request, ber_int_t msgid)
 +#endif
 +{
 +	struct timeval timeout;
 +	int rc;
--- a/openssh-6.8p1-sshdT-output.patch
+++ b/openssh-6.8p1-sshdT-output.patch
@ -3,25 +3,10 @@ diff -up openssh/servconf.c.sshdt openssh/servconf.c
 +++ openssh/servconf.c	2015-06-24 11:44:39.734745802 +0200
@@ -2317,7 +2317,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_string(sXAuthLocation, o->xauth_location);
- 	dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
+ 	dump_cfg_string(sCiphers, o->ciphers);
- 	dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
+ 	dump_cfg_string(sMacs, o->macs);
 -	dump_cfg_string(sBanner, o->banner);
 +	dump_cfg_string(sBanner, o->banner != NULL ? o->banner : "none");
 	dump_cfg_string(sForceCommand, o->adm_forced_command);
 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
 	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
 diff -up openssh/ssh.1.sshdt openssh/ssh.1
 --- openssh/ssh.1.sshdt	2015-06-24 11:42:19.565102807 +0200
 +++ openssh/ssh.1	2015-06-24 11:42:29.042078701 +0200
@@ -441,7 +441,11 @@ For full details of the options listed b
 .It GatewayPorts
 .It GlobalKnownHostsFile
 .It GSSAPIAuthentication
 +.It GSSAPIKeyExchange
 +.It GSSAPIClientIdentity
 .It GSSAPIDelegateCredentials
 +.It GSSAPIRenewalForcesRekey
 +.It GSSAPITrustDNS
 .It HashKnownHosts
 .It Host
 .It HostbasedAuthentication
--- a/openssh-6.9p1-permit-root-login.patch
+++ b/openssh-6.9p1-permit-root-login.patch
@ -1,12 +0,0 @@
 diff -up openssh-7.0p1/sshd_config.root-login openssh-7.0p1/sshd_config
 --- openssh-7.0p1/sshd_config.root-login	2015-08-12 11:29:12.919269245 +0200
 +++ openssh-7.0p1/sshd_config	2015-08-12 11:31:03.653096466 +0200
@@ -46,7 +46,7 @@ SyslogFacility AUTHPRIV
 # Authentication:
 #LoginGraceTime 2m
 -#PermitRootLogin prohibit-password
 +PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
--- a/openssh-7.0p1-gssKexAlgorithms.patch
+++ b/openssh-7.0p1-gssKexAlgorithms.patch
@ -1,422 +0,0 @@
 diff -up openssh-7.0p1/gss-genr.c.gsskexalg openssh-7.0p1/gss-genr.c
 --- openssh-7.0p1/gss-genr.c.gsskexalg	2015-08-19 12:28:38.024518959 +0200
 +++ openssh-7.0p1/gss-genr.c	2015-08-19 12:28:38.078518839 +0200
@@ -78,7 +78,8 @@ ssh_gssapi_oid_table_ok() {
  */
 char *
 -ssh_gssapi_client_mechanisms(const char *host, const char *client) {
 +ssh_gssapi_client_mechanisms(const char *host, const char *client,
 +    const char *kex) {
 	gss_OID_set gss_supported;
 	OM_uint32 min_status;
@@ -86,12 +87,12 @@ ssh_gssapi_client_mechanisms(const char
 		return NULL;
 	return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism,
 -	    host, client));
 +	    host, client, kex));
 }
 char *
 ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 -    const char *host, const char *client) {
 +    const char *host, const char *client, const char *kex) {
 	struct sshbuf *buf;
 	size_t i;
 	int oidpos, enclen, r;
@@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 	char deroid[2];
 	const EVP_MD *evp_md = EVP_md5();
 	EVP_MD_CTX md;
 +	char *s, *cp, *p;
 	if (gss_enc2oid != NULL) {
 		for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
@@ -113,6 +115,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 		fatal("%s: sshbuf_new failed", __func__);
 	oidpos = 0;
 +	s = cp = xstrdup(kex);
 	for (i = 0; i < gss_supported->count; i++) {
 		if (gss_supported->elements[i].length < 128 &&
 		    (*check)(NULL, &(gss_supported->elements[i]), host, client)) {
@@ -131,28 +134,25 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 			enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
 			    encoded, EVP_MD_size(evp_md) * 2);
 -			if (oidpos != 0)
 -				if ((r = sshbuf_put_u8(buf, ',')) != 0)
 -					fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -
 -			if ((r = sshbuf_put(buf, KEX_GSS_GEX_SHA1_ID,
 -			    sizeof(KEX_GSS_GEX_SHA1_ID) - 1)) != 0 ||
 -			    (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
 -			    (r = sshbuf_put_u8(buf, ',')) != 0 ||
 -			    (r = sshbuf_put(buf, KEX_GSS_GRP1_SHA1_ID, 
 -			    sizeof(KEX_GSS_GRP1_SHA1_ID) - 1)) != 0 ||
 -			    (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
 -			    (r = sshbuf_put_u8(buf, ',')) != 0 ||
 -			    (r = sshbuf_put(buf, KEX_GSS_GRP14_SHA1_ID,
 -			    sizeof(KEX_GSS_GRP14_SHA1_ID) - 1)) != 0 ||
 -			    (r = sshbuf_put(buf, encoded, enclen)) != 0)
 -		 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +			cp = strncpy(s, kex, strlen(kex));
 +			for ((p = strsep(&cp, ",")); p && *p != '\0';
 +				(p = strsep(&cp, ","))) {
 +				if (sshbuf_len(buf) != 0)
 +					if ((r = sshbuf_put_u8(buf, ',')) != 0)
 +			 			fatal("%s: buffer error: %s",
 +						    __func__, ssh_err(r));
 +				if ((r = sshbuf_put(buf, p, strlen(p))) != 0 ||
 +				    (r = sshbuf_put(buf, encoded, enclen)) != 0)
 +			 		fatal("%s: buffer error: %s",
 +					    __func__, ssh_err(r));
 +			}
 			gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
 			gss_enc2oid[oidpos].encoded = encoded;
 			oidpos++;
 		}
 	}
 +	free(s);
 	gss_enc2oid[oidpos].oid = NULL;
 	gss_enc2oid[oidpos].encoded = NULL;
 diff -up openssh-7.0p1/gss-serv.c.gsskexalg openssh-7.0p1/gss-serv.c
 --- openssh-7.0p1/gss-serv.c.gsskexalg	2015-08-19 12:28:38.024518959 +0200
 +++ openssh-7.0p1/gss-serv.c	2015-08-19 12:28:38.078518839 +0200
@@ -149,7 +149,8 @@ ssh_gssapi_server_mechanisms() {
 	if (supported_oids == NULL)
 		ssh_gssapi_prepare_supported_oids();
 	return (ssh_gssapi_kex_mechs(supported_oids,
 -	    &ssh_gssapi_server_check_mech, NULL, NULL));
 +	    &ssh_gssapi_server_check_mech, NULL, NULL,
 +	    options.gss_kex_algorithms));
 }
 /* Unprivileged */
 diff -up openssh-7.0p1/kex.c.gsskexalg openssh-7.0p1/kex.c
 --- openssh-7.0p1/kex.c.gsskexalg	2015-08-19 12:28:38.078518839 +0200
 +++ openssh-7.0p1/kex.c	2015-08-19 12:30:13.249306371 +0200
@@ -50,6 +50,7 @@
 #include "misc.h"
 #include "dispatch.h"
 #include "monitor.h"
 +#include "xmalloc.h"
 #include "ssherr.h"
 #include "sshbuf.h"
@@ -232,6 +232,29 @@ kex_assemble_names(const char *def, char
 	return r;
 }
 +/* Validate GSS KEX method name list */
 +int
 +gss_kex_names_valid(const char *names)
 +{
 +	char *s, *cp, *p;
 +
 +	if (names == NULL || *names == '\0')
 +		return 0;
 +	s = cp = xstrdup(names);
 +	for ((p = strsep(&cp, ",")); p && *p != '\0';
 +	    (p = strsep(&cp, ","))) {
 +		if (strncmp(p, "gss-", 4) != 0
 +		  || kex_alg_by_name(p) == NULL) {
 +			error("Unsupported KEX algorithm \"%.100s\"", p);
 +			free(s);
 +			return 0;
 +		}
 +	}
 +	debug3("gss kex names ok: [%s]", names);
 +	free(s);
 +	return 1;
 +}
 +
 /* put algorithm proposal into buffer */
 int
 kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
 diff -up openssh-7.0p1/kex.h.gsskexalg openssh-7.0p1/kex.h
 --- openssh-7.0p1/kex.h.gsskexalg	2015-08-19 12:28:38.078518839 +0200
 +++ openssh-7.0p1/kex.h	2015-08-19 12:30:52.404218958 +0200
@@ -173,6 +173,7 @@ int	 kex_names_valid(const char *);
 char	*kex_alg_list(char);
 char	*kex_names_cat(const char *, const char *);
 int	 kex_assemble_names(char **, const char *, const char *);
 +int	 gss_kex_names_valid(const char *);
 int	 kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
 int	 kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
 diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
 --- openssh-7.0p1/readconf.c.gsskexalg	2015-08-19 12:28:38.026518955 +0200
 +++ openssh-7.0p1/readconf.c	2015-08-19 12:31:28.333138747 +0200
@@ -61,6 +61,7 @@
 #include "uidswap.h"
 #include "myproposal.h"
 #include "digest.h"
 +#include "ssh-gss.h"
 /* Format of the configuration file:
@@ -148,7 +149,7 @@ typedef enum {
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
 	oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
 -	oGssServerIdentity, 
 +	oGssServerIdentity, oGssKexAlgorithms,
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 	oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
 	oHashKnownHosts,
@@ -200,6 +201,7 @@ static struct {
 	{ "gssapiclientidentity", oGssClientIdentity },
 	{ "gssapiserveridentity", oGssServerIdentity },
 	{ "gssapirenewalforcesrekey", oGssRenewalRekey },
 +	{ "gssapikexalgorithms", oGssKexAlgorithms },
 # else
 	{ "gssapiauthentication", oUnsupported },
 	{ "gssapikeyexchange", oUnsupported },
@@ -207,6 +209,7 @@ static struct {
 	{ "gssapitrustdns", oUnsupported },
 	{ "gssapiclientidentity", oUnsupported },
 	{ "gssapirenewalforcesrekey", oUnsupported },
 +	{ "gssapikexalgorithms", oUnsupported },
 #endif
 #ifdef ENABLE_PKCS11
 	{ "smartcarddevice", oPKCS11Provider },
@@ -929,6 +932,18 @@ parse_time:
 		intptr = &options->gss_renewal_rekey;
 		goto parse_flag;
 +	case oGssKexAlgorithms:
 +		arg = strdelim(&s);
 +		if (!arg || *arg == '\0')
 +			fatal("%.200s line %d: Missing argument.",
 +			    filename, linenum);
 +		if (!gss_kex_names_valid(arg))
 +			fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.",
 +			    filename, linenum, arg ? arg : "<NONE>");
 +		if (*activep && options->gss_kex_algorithms == NULL)
 +			options->gss_kex_algorithms = xstrdup(arg);
 +		break;
 +
 	case oBatchMode:
 		intptr = &options->batch_mode;
 		goto parse_flag;
@@ -1638,6 +1653,7 @@ initialize_options(Options * options)
 	options->gss_renewal_rekey = -1;
 	options->gss_client_identity = NULL;
 	options->gss_server_identity = NULL;
 +	options->gss_kex_algorithms = NULL;
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->kbd_interactive_devices = NULL;
@@ -1773,6 +1789,10 @@ fill_default_options(Options * options)
 		options->gss_trust_dns = 0;
 	if (options->gss_renewal_rekey == -1)
 		options->gss_renewal_rekey = 0;
 +#ifdef GSSAPI
 +	if (options->gss_kex_algorithms == NULL)
 +		options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
 +#endif
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
 diff -up openssh-7.0p1/readconf.h.gsskexalg openssh-7.0p1/readconf.h
 --- openssh-7.0p1/readconf.h.gsskexalg	2015-08-19 12:28:38.026518955 +0200
 +++ openssh-7.0p1/readconf.h	2015-08-19 12:28:38.079518836 +0200
@@ -51,6 +51,7 @@ typedef struct {
 	int	gss_renewal_rekey;	/* Credential renewal forces rekey */
 	char    *gss_client_identity;   /* Principal to initiate GSSAPI with */
 	char    *gss_server_identity;   /* GSSAPI target principal */
 +	char   *gss_kex_algorithms;	/* GSSAPI kex methods to be offered by client. */
 	int     password_authentication;	/* Try password
 						 * authentication. */
 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff -up openssh-7.0p1/servconf.c.gsskexalg openssh-7.0p1/servconf.c
 --- openssh-7.0p1/servconf.c.gsskexalg	2015-08-19 12:28:38.074518847 +0200
 +++ openssh-7.0p1/servconf.c	2015-08-19 12:33:13.599902732 +0200
@@ -57,6 +57,7 @@
 #include "auth.h"
 #include "myproposal.h"
 #include "digest.h"
 +#include "ssh-gss.h"
 static void add_listen_addr(ServerOptions *, const char *,
     const char *, int);
@@ -121,6 +122,7 @@ initialize_server_options(ServerOptions
 	options->gss_cleanup_creds = -1;
 	options->gss_strict_acceptor = -1;
 	options->gss_store_rekey = -1;
 +	options->gss_kex_algorithms = NULL;
 	options->use_kuserok = -1;
 	options->enable_k5users = -1;
 	options->password_authentication = -1;
@@ -288,6 +290,10 @@ fill_default_server_options(ServerOption
 		options->gss_strict_acceptor = 1;
 	if (options->gss_store_rekey == -1)
 		options->gss_store_rekey = 0;
 +#ifdef GSSAPI
 +	if (options->gss_kex_algorithms == NULL)
 +		options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
 +#endif
 	if (options->use_kuserok == -1)
 		options->use_kuserok = 1;
 	if (options->enable_k5users == -1)
@@ -427,7 +431,7 @@ typedef enum {
 	sHostKeyAlgorithms,
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 	sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
 -	sGssKeyEx, sGssStoreRekey, sAcceptEnv, sSetEnv, sPermitTunnel,
 +	sGssKeyEx, sGssStoreRekey, sGssKexAlgorithms, sAcceptEnv, sSetEnv, sPermitTunnel,
 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
 	sHostCertificate,
@@ -506,6 +510,7 @@ static struct {
 	{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
 	{ "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
 	{ "gssapienablek5users", sGssEnablek5users, SSHCFG_ALL },
 +	{ "gssapikexalgorithms", sGssKexAlgorithms, SSHCFG_GLOBAL },
 #else
 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
@@ -513,6 +518,7 @@ static struct {
 	{ "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapienablek5users", sUnsupported, SSHCFG_ALL },
 +	{ "gssapikexalgorithms", sUnsupported, SSHCFG_GLOBAL },
 #endif
 	{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
 	{ "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
@@ -1273,6 +1279,18 @@ process_server_config_line(ServerOptions
 		intptr = &options->gss_store_rekey;
 		goto parse_flag;
 +	case sGssKexAlgorithms:
 +		arg = strdelim(&cp);
 +		if (!arg || *arg == '\0')
 +			fatal("%.200s line %d: Missing argument.",
 +			    filename, linenum);
 +		if (!gss_kex_names_valid(arg))
 +			fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.",
 +			    filename, linenum, arg ? arg : "<NONE>");
 +		if (*activep && options->gss_kex_algorithms == NULL)
 +			options->gss_kex_algorithms = xstrdup(arg);
 +		break;
 +
 	case sPasswordAuthentication:
 		intptr = &options->password_authentication;
 		goto parse_flag;
@@ -2304,6 +2322,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
 	dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
 	dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
 +	dump_cfg_string(sGssKexAlgorithms, o->gss_kex_algorithms);
 #endif
 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
 diff -up openssh-7.0p1/servconf.h.gsskexalg openssh-7.0p1/servconf.h
 --- openssh-7.0p1/servconf.h.gsskexalg	2015-08-19 12:28:38.080518834 +0200
 +++ openssh-7.0p1/servconf.h	2015-08-19 12:34:46.328693944 +0200
@@ -122,6 +122,7 @@ typedef struct {
 	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
 	int     gss_strict_acceptor;	/* If true, restrict the GSSAPI acceptor name */
 	int 	gss_store_rekey;
 +	char   *gss_kex_algorithms;	/* GSSAPI kex methods to be offered by client. */
 	int     password_authentication;	/* If true, permit password
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
 diff -up openssh-7.0p1/ssh.1.gsskexalg openssh-7.0p1/ssh.1
 --- openssh-7.0p1/ssh.1.gsskexalg	2015-08-19 12:28:38.081518832 +0200
 +++ openssh-7.0p1/ssh.1	2015-08-19 12:35:31.741591692 +0200
@@ -496,6 +496,7 @@ For full details of the options listed b
 .It GSSAPIDelegateCredentials
 .It GSSAPIRenewalForcesRekey
 .It GSSAPITrustDNS
 +.It GSSAPIKexAlgorithms
 .It HashKnownHosts
 .It Host
 .It HostbasedAuthentication
 diff -up openssh-7.0p1/ssh_config.5.gsskexalg openssh-7.0p1/ssh_config.5
 --- openssh-7.0p1/ssh_config.5.gsskexalg	2015-08-19 12:28:38.028518950 +0200
 +++ openssh-7.0p1/ssh_config.5	2015-08-19 12:28:38.082518830 +0200
@@ -786,6 +786,18 @@ command line will be passed untouched to
 command line will be passed untouched to the GSSAPI library.
 The default is
 .Dq no .
 +.It Cm GSSAPIKexAlgorithms
 +The list of key exchange algorithms that are offered for GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
 +gss-gex-sha1-,
 +gss-group1-sha1-,
 +gss-group14-sha1-
 +.Ed
 +.Pp
 +The default is
 +.Dq gss-gex-sha1-,gss-group14-sha1- .
 +This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HashKnownHosts
 Indicates that
 .Xr ssh 1
 diff -up openssh-7.0p1/sshconnect2.c.gsskexalg openssh-7.0p1/sshconnect2.c
 --- openssh-7.0p1/sshconnect2.c.gsskexalg	2015-08-19 12:28:38.045518912 +0200
 +++ openssh-7.0p1/sshconnect2.c	2015-08-19 12:28:38.081518832 +0200
@@ -179,7 +179,8 @@ ssh_kex2(char *host, struct sockaddr *ho
 		else
 			gss_host = host;
 -		gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
 +		gss = ssh_gssapi_client_mechanisms(gss_host,
 +		    options.gss_client_identity, options.gss_kex_algorithms);
 		if (gss) {
 			debug("Offering GSSAPI proposal: %s", gss);
 			xasprintf(&options.kex_algorithms,
 --- openssh-7.1p1/sshd_config.5.gsskexalg	2015-12-10 15:32:48.105418092 +0100
 +++ openssh-7.1p1/sshd_config.5	2015-12-10 15:33:47.771279548 +0100
@@ -663,6 +663,18 @@ or updated credentials from a compatible
 For this to work
 .Cm GSSAPIKeyExchange
 needs to be enabled in the server and also used by the client.
 +.It Cm GSSAPIKexAlgorithms
 +The list of key exchange algorithms that are accepted by GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
 +gss-gex-sha1-,
 +gss-group1-sha1-,
 +gss-group14-sha1-
 +.Ed
 +.Pp
 +The default is
 +.Dq gss-gex-sha1-,gss-group14-sha1- .
 +This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
 diff -up openssh-7.0p1/ssh-gss.h.gsskexalg openssh-7.0p1/ssh-gss.h
 --- openssh-7.0p1/ssh-gss.h.gsskexalg	2015-08-19 12:28:38.031518944 +0200
 +++ openssh-7.0p1/ssh-gss.h	2015-08-19 12:28:38.081518832 +0200
@@ -76,6 +76,10 @@ extern char **k5users_allowed_cmds;
 #define KEX_GSS_GRP14_SHA1_ID				"gss-group14-sha1-"
 #define KEX_GSS_GEX_SHA1_ID				"gss-gex-sha1-"
 +#define        GSS_KEX_DEFAULT_KEX \
 +	KEX_GSS_GEX_SHA1_ID "," \
 +	KEX_GSS_GRP14_SHA1_ID
 +
 typedef struct {
 	char *envvar;
 	char *envval;
@@ -147,9 +151,9 @@ int ssh_gssapi_credentials_updated(Gssct
 /* In the server */
 typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, 
     const char *);
 -char *ssh_gssapi_client_mechanisms(const char *, const char *);
 +char *ssh_gssapi_client_mechanisms(const char *, const char *, const char *);
 char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *,
 -    const char *);
 +    const char *, const char *);
 gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
 int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *, 
     const char *);
--- a/openssh-7.1p1-gssapi-documentation.patch
+++ b/openssh-7.1p1-gssapi-documentation.patch
@ -1,52 +0,0 @@
 diff -up openssh-7.4p1/ssh_config.5.gss-docs openssh-7.4p1/ssh_config.5
 --- openssh-7.4p1/ssh_config.5.gss-docs	2016-12-23 14:28:34.051714486 +0100
 +++ openssh-7.4p1/ssh_config.5	2016-12-23 14:34:24.568522417 +0100
@@ -765,10 +765,19 @@ The default is
 If set to 
 .Dq yes
 then renewal of the client's GSSAPI credentials will force the rekeying of the
 -ssh connection. With a compatible server, this can delegate the renewed 
 +ssh connection. With a compatible server, this will delegate the renewed 
 credentials to a session on the server.
 +.Pp
 +Checks are made to ensure that credentials are only propagated when the new
 +credentials match the old ones on the originating client and where the
 +receiving server still has the old set in its cache.
 +.Pp
 The default is
 .Dq no .
 +.Pp
 +For this to work
 +.Cm GSSAPIKeyExchange
 +needs to be enabled in the server and also used by the client.
 .It Cm GSSAPIServerIdentity
 If set, specifies the GSSAPI server identity that ssh should expect when 
 connecting to the server. The default is unset, which means that the
@@ -776,9 +785,11 @@ expected GSSAPI server identity will be
 hostname.
 .It Cm GSSAPITrustDns
 Set to 
 -.Dq yes to indicate that the DNS is trusted to securely canonicalize
 +.Dq yes
 +to indicate that the DNS is trusted to securely canonicalize
 the name of the host being connected to. If 
 -.Dq no, the hostname entered on the
 +.Dq no ,
 +the hostname entered on the
 command line will be passed untouched to the GSSAPI library.
 The default is
 .Dq no .
 diff -up openssh-7.4p1/sshd_config.5.gss-docs openssh-7.4p1/sshd_config.5
 --- openssh-7.4p1/sshd_config.5.gss-docs	2016-12-23 14:28:34.043714490 +0100
 +++ openssh-7.4p1/sshd_config.5	2016-12-23 14:28:34.051714486 +0100
@@ -652,6 +652,10 @@ Controls whether the user's GSSAPI crede
 successful connection rekeying. This option can be used to accepted renewed 
 or updated credentials from a compatible client. The default is
 .Dq no .
 +.Pp
 +For this to work
 +.Cm GSSAPIKeyExchange
 +needs to be enabled in the server and also used by the client.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
--- a/openssh-7.1p2-audit-race-condition.patch
+++ b/openssh-7.1p2-audit-race-condition.patch
@ -56,9 +56,9 @@ diff -up openssh-7.4p1/monitor_wrap.h.audit-race openssh-7.4p1/monitor_wrap.h
 --- openssh-7.4p1/monitor_wrap.h.audit-race	2016-12-23 16:35:52.694685771 +0100
 +++ openssh-7.4p1/monitor_wrap.h	2016-12-23 16:35:52.698685772 +0100
@@ -83,6 +83,8 @@ void mm_audit_unsupported_body(int);
- void mm_audit_kex_body(int, char *, char *, char *, char *, pid_t, uid_t);
+ void mm_audit_kex_body(struct ssh *, int, char *, char *, char *, char *, pid_t, uid_t);
- void mm_audit_session_key_free_body(int, pid_t, uid_t);
+ void mm_audit_session_key_free_body(struct ssh *, int, pid_t, uid_t);
- void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t);
+ void mm_audit_destroy_sensitive_data(struct ssh *, const char *, pid_t, uid_t);
 +int mm_forward_audit_messages(int);
 +void mm_set_monitor_pipe(int);
 #endif
@ -82,7 +82,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 	return 1;
 }
-+void child_destory_sensitive_data();
+void child_destory_sensitive_data(struct ssh *ssh);
 +
 #define USE_PIPES 1
 /*
@ -91,7 +91,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 		close(err[0]);
 #endif
-+		child_destory_sensitive_data();
+		child_destory_sensitive_data(ssh);
 +
 		/* Do processing for the child (exec command etc). */
 		do_child(ssh, s, command);
@ -101,7 +101,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 		close(ttyfd);
 +		/* Do this early, so we will not block large MOTDs */
-+		child_destory_sensitive_data();
+		child_destory_sensitive_data(ssh);
 +
 		/* record login, etc. similar to login(1) */
 #ifndef HAVE_OSF_SIA
@ -109,7 +109,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
@@ -717,6 +728,8 @@ do_exec(Session *s, const char *command)
 	}
 	if (s->command != NULL && s->ptyfd == -1)
- 		s->command_handle = PRIVSEP(audit_run_command(s->command));
+ 		s->command_handle = PRIVSEP(audit_run_command(ssh, s->command));
 +	if (pipe(paudit) < 0)
 +		fatal("pipe: %s", strerror(errno));
 #endif
@ -141,7 +141,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 }
 +void
-+child_destory_sensitive_data()
+child_destory_sensitive_data(struct ssh *ssh)
 +{
 +#ifdef SSH_AUDIT_EVENTS
 +	int pparent = paudit[1];
@ -152,15 +152,15 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 +#endif
 +
 +	/* remove hostkey from the child's memory */
-+	destroy_sensitive_data(use_privsep);
+	destroy_sensitive_data(ssh, use_privsep);
 +	/*
 +	 * We can audit this, because we hacked the pipe to direct the
 +	 * messages over postauth child. But this message requires answer
 +	 * which we can't do using one-way pipe.
 +	 */
-+	packet_destroy_all(0, 1);
+	packet_destroy_all(ssh, 0, 1);
 +	/* XXX this will clean the rest but should not audit anymore */
-+	/* packet_clear_keys(); */
+	/* packet_clear_keys(ssh); */
 +
 +#ifdef SSH_AUDIT_EVENTS
 +	/* Notify parent that we are done */
@ -172,15 +172,15 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
  * Performs common processing for the child, such as setting up the
  * environment, closing extra file descriptors, setting the user and group
@@ -1554,13 +1608,6 @@ do_child(Session *s, const char *command
- 	struct passwd *pw = s->pw;
+ 
- 	int r = 0;
+ 	sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
 -	/* remove hostkey from the child's memory */
-	destroy_sensitive_data(1);
+-	destroy_sensitive_data(ssh, 1);
-	packet_clear_keys();
+-	ssh_packet_clear_keys(ssh);
 -	/* Don't audit this - both us and the parent would be talking to the
 -	   monitor over a single socket, with no synchronization. */
-	packet_destroy_all(0, 1);
+-	packet_destroy_all(ssh, 0, 1);
 -
 	/* Force a password change */
 	if (s->authctxt->force_pwchange) {
--- a/openssh-7.2p2-k5login_directory.patch
+++ b/openssh-7.2p2-k5login_directory.patch
@ -2,10 +2,11 @@ diff --git a/auth-krb5.c b/auth-krb5.c
 index 2b02a04..19b9364 100644
 --- a/auth-krb5.c
 +++ b/auth-krb5.c
-@@ -375,6 +375,22 @@ cleanup:
+@@ -375,5 +375,21 @@ cleanup:
- 	return -1;
+ 		return (krb5_cc_resolve(ctx, ccname, ccache));
 	}
 }
- 
+
 +/*
 + * Reads  k5login_directory  option from the  krb5.conf
 + */
@ -21,22 +22,21 @@ index 2b02a04..19b9364 100644
 +	return profile_get_string(p, "libdefaults", "k5login_directory", NULL, NULL,
 +		k5login_directory);
 +}
-+
+ #endif /* !HEIMDAL */
- krb5_error_code
+ #endif /* KRB5 */
 ssh_krb5_get_cctemplate(krb5_context ctx, char **ccname) {
 	profile_t p;
 diff --git a/auth.h b/auth.h
 index f9d191c..c432d2f 100644
 --- a/auth.h
 +++ b/auth.h
-@@ -222,5 +222,7 @@ int	 sys_auth_passwd(Authctxt *, const char *);
+@@ -222,6 +222,8 @@ int	 sys_auth_passwd(Authctxt *, const char *);
 #if defined(KRB5) && !defined(HEIMDAL)
 #include <krb5.h>
 krb5_error_code ssh_krb5_cc_new_unique(krb5_context, krb5_ccache *, int *);
 +krb5_error_code ssh_krb5_get_k5login_directory(krb5_context ctx,
 +	char **k5login_directory);
 #endif
- #endif
+ 
 #endif /* AUTH_H */
 diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
 index a7c0c5f..df8cc9a 100644
 --- a/gss-serv-krb5.c
--- a/openssh-7.2p2-s390-closefrom.patch
+++ b/openssh-7.2p2-s390-closefrom.patch
@ -48,5 +48,5 @@ Author: Harald Freudenberger <freude@de.ibm.com>
 +#endif
 	}
 	(void) closedir(dirp);
-     } else
+ 	return;
--- a/openssh-7.2p2-x11.patch
+++ b/openssh-7.2p2-x11.patch
@ -14,7 +14,7 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
 +	if (len <= 0)
 +		return -1;
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
- 	if (sock < 0)
+ 	if (sock == -1)
 		error("socket: %.100s", strerror(errno));
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
--- a/openssh-7.3p1-openssl-1.1.0.patch
+++ b/openssh-7.3p1-openssl-1.1.0.patch
--- a/openssh-7.3p1-x11-max-displays.patch
+++ b/openssh-7.3p1-x11-max-displays.patch
@ -59,7 +59,7 @@ diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c
 		ssh_gai_strerror(gaierr));
@@ -4457,7 +4463,7 @@ x11_connect_display(void)
 		/* Connect it to the display. */
- 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 			debug2("connect %.100s port %u: %.100s", buf,
 -			    6000 + display_number, strerror(errno));
 +			    X11_PORT_MIN + display_number, strerror(errno));
@ -197,7 +197,7 @@ diff -up openssh-7.4p1/sshd_config.5.x11max openssh-7.4p1/sshd_config.5
 +.Cm X11MaxDisplays ,
 .Cm X11Forwarding
 and
- .Cm X11UseLocalHost .
+ .Cm X11UseLocalhost .
@@ -1566,6 +1567,12 @@ Specifies the first display number avail
 X11 forwarding.
 This prevents sshd from interfering with real X11 servers.
--- a/openssh-7.5p1-gssapi-kex-with-ec.patch
+++ b/openssh-7.5p1-gssapi-kex-with-ec.patch
--- a/openssh-7.5p1-sandbox.patch
+++ b/openssh-7.5p1-sandbox.patch
@ -20,8 +20,8 @@ index ca75cc7..6e7de31 100644
 +#if defined(__NR_flock) && defined(__s390__)
 +	SC_ALLOW(__NR_flock),
 +#endif
- #ifdef __NR_geteuid
+ #ifdef __NR_futex
- 	SC_ALLOW(__NR_geteuid),
+ 	SC_ALLOW(__NR_futex),
 #endif
@@ -178,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_gettimeofday
@ -69,29 +69,6 @@ index 6e7de31..e86aa2c 100644
 	SC_ALLOW(__NR_getrandom),
 #endif
 -- 1.9.1
 The EP11 crypto card needs to make an ioctl call, which receives an
 specific argument. This crypto card is for s390 only.
 Signed-off-by: Eduardo Barretto <ebarretto@xxxxxxxxxxxxxxxxxx>
 ---
 sandbox-seccomp-filter.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
 index e86aa2c..98062f1 100644
 --- a/sandbox-seccomp-filter.c
 +++ b/sandbox-seccomp-filter.c
@@ -250,6 +250,8 @@ static const struct sock_filter preauth_insns[] = {
 	SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
 	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
 	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
 +	/* Allow ioctls for EP11 crypto card on s390 */
 +	SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB),
 #endif
 #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
 	/*
 -- 
 1.9.1
 diff -up openssh-7.6p1/sandbox-seccomp-filter.c.sandbox openssh-7.6p1/sandbox-seccomp-filter.c
 --- openssh-7.6p1/sandbox-seccomp-filter.c.sandbox	2017-12-12 13:59:30.563874059 +0100
@ -106,3 +83,4 @@ diff -up openssh-7.6p1/sandbox-seccomp-filter.c.sandbox openssh-7.6p1/sandbox-se
 #ifdef __NR_getrandom
 	SC_ALLOW(__NR_getrandom),
 #endif
--- a/openssh-7.6p1-audit.patch
+++ b/openssh-7.6p1-audit.patch
--- a/openssh-7.6p1-cleanup-selinux.patch
+++ b/openssh-7.6p1-cleanup-selinux.patch
@ -1,6 +1,6 @@
 diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
--- openssh/auth2-pubkey.c.refactor	2017-09-27 13:10:19.556830609 +0200
+--- openssh/auth2-pubkey.c.refactor	2019-04-04 13:19:12.188821236 +0200
-+++ openssh/auth2-pubkey.c	2017-09-27 13:10:19.677831274 +0200
+++ openssh/auth2-pubkey.c	2019-04-04 13:19:12.276822078 +0200
@@ -72,6 +72,9 @@
 extern ServerOptions options;
 extern u_char *session_id2;
@ -11,7 +11,7 @@ diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
 static char *
 format_key(const struct sshkey *key)
-@@ -432,7 +435,8 @@ match_principals_command(struct passwd *
+@@ -511,7 +514,8 @@ match_principals_command(struct ssh *ssh
 	if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
 	    ac, av, &f,
@ -21,7 +21,7 @@ diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
 		goto out;
 	uid_swapped = 1;
-@@ -762,7 +766,8 @@ user_key_command_allowed2(struct passwd
+@@ -981,7 +985,8 @@ user_key_command_allowed2(struct ssh *ss
 	if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
 	    ac, av, &f,
@ -32,9 +32,9 @@ diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
 	uid_swapped = 1;
 diff -up openssh/auth.c.refactor openssh/auth.c
--- openssh/auth.c.refactor	2017-09-27 13:10:19.640831071 +0200
+--- openssh/auth.c.refactor	2019-04-04 13:19:12.235821686 +0200
-+++ openssh/auth.c	2017-09-27 13:10:19.678831279 +0200
+++ openssh/auth.c	2019-04-04 13:19:12.276822078 +0200
-@@ -1435,7 +1435,8 @@ argv_assemble(int argc, char **argv)
+@@ -756,7 +756,8 @@ auth_get_canonical_hostname(struct ssh *
  */
 pid_t
 subprocess(const char *tag, struct passwd *pw, const char *command,
@ -44,7 +44,7 @@ diff -up openssh/auth.c.refactor openssh/auth.c
 {
 	FILE *f = NULL;
 	struct stat st;
-@@ -1551,7 +1552,7 @@ subprocess(const char *tag, struct passw
+@@ -872,7 +873,7 @@ subprocess(const char *tag, struct passw
 		}
 #ifdef WITH_SELINUX
@ -54,9 +54,9 @@ diff -up openssh/auth.c.refactor openssh/auth.c
 			    strerror(errno));
 			_exit(127);
 diff -up openssh/auth.h.refactor openssh/auth.h
--- openssh/auth.h.refactor	2017-09-25 01:48:10.000000000 +0200
+--- openssh/auth.h.refactor	2019-04-04 13:19:12.251821839 +0200
-+++ openssh/auth.h	2017-09-27 13:10:19.678831279 +0200
+++ openssh/auth.h	2019-04-04 13:19:12.276822078 +0200
-@@ -144,7 +144,7 @@ int	 exited_cleanly(pid_t, const char *,
+@@ -235,7 +235,7 @@ struct passwd *fakepw(void);
 #define	SSH_SUBPROCESS_STDOUT_CAPTURE  (1<<1)  /* Redirect stdout */
 #define	SSH_SUBPROCESS_STDERR_DISCARD  (1<<2)  /* Discard stderr */
 pid_t	subprocess(const char *, struct passwd *,
@ -66,8 +66,8 @@ diff -up openssh/auth.h.refactor openssh/auth.h
 int	 sys_auth_passwd(struct ssh *, const char *);
 diff -up openssh/openbsd-compat/port-linux.h.refactor openssh/openbsd-compat/port-linux.h
--- openssh/openbsd-compat/port-linux.h.refactor	2017-09-27 13:10:19.634831038 +0200
+--- openssh/openbsd-compat/port-linux.h.refactor	2019-04-04 13:19:12.256821887 +0200
-+++ openssh/openbsd-compat/port-linux.h	2017-09-27 13:10:54.954025248 +0200
+++ openssh/openbsd-compat/port-linux.h	2019-04-04 13:19:12.276822078 +0200
@@ -26,8 +26,8 @@ void ssh_selinux_setfscreatecon(const ch
 int sshd_selinux_enabled(void);
@ -80,9 +80,9 @@ diff -up openssh/openbsd-compat/port-linux.h.refactor openssh/openbsd-compat/por
 #endif
 diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compat/port-linux-sshd.c
--- openssh/openbsd-compat/port-linux-sshd.c.refactor	2017-09-27 13:10:19.634831038 +0200
+--- openssh/openbsd-compat/port-linux-sshd.c.refactor	2019-04-04 13:19:12.256821887 +0200
-+++ openssh/openbsd-compat/port-linux-sshd.c	2017-09-27 13:12:06.811420371 +0200
+++ openssh/openbsd-compat/port-linux-sshd.c	2019-04-04 13:19:12.276822078 +0200
-@@ -48,11 +48,6 @@
+@@ -49,11 +49,6 @@
 #include <unistd.h>
 #endif
@ -94,7 +94,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 /* Wrapper around is_selinux_enabled() to log its return value once only */
 int
 sshd_selinux_enabled(void)
-@@ -222,7 +217,8 @@ get_user_context(const char *sename, con
+@@ -223,7 +218,8 @@ get_user_context(const char *sename, con
 }
 static void
@ -104,7 +104,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 {
 	*role = NULL;
 	*level = NULL;
-@@ -240,8 +236,8 @@ ssh_selinux_get_role_level(char **role,
+@@ -241,8 +237,8 @@ ssh_selinux_get_role_level(char **role,
 /* Return the default security context for the given username */
 static int
@ -115,7 +115,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 {
 	char *sename, *lvl;
 	char *role;
-@@ -249,7 +245,7 @@ sshd_selinux_getctxbyname(char *pwname,
+@@ -250,7 +246,7 @@ sshd_selinux_getctxbyname(char *pwname,
 	int r = 0;
 	context_t con = NULL;
@ -124,7 +124,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 #ifdef HAVE_GETSEUSERBYNAME
 	if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) {
-@@ -271,7 +267,7 @@ sshd_selinux_getctxbyname(char *pwname,
+@@ -272,7 +268,7 @@ sshd_selinux_getctxbyname(char *pwname,
 	if (r == 0) {
 		/* If launched from xinetd, we must use current level */
@ -133,7 +133,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 			security_context_t sshdsc=NULL;
 			if (getcon_raw(&sshdsc) < 0)
-@@ -332,7 +328,8 @@ sshd_selinux_getctxbyname(char *pwname,
+@@ -333,7 +329,8 @@ sshd_selinux_getctxbyname(char *pwname,
 /* Setup environment variables for pam_selinux */
 static int
@ -143,7 +143,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 {
 	const char *reqlvl;
 	char *role;
-@@ -341,11 +338,11 @@ sshd_selinux_setup_variables(int(*set_it
+@@ -342,11 +339,11 @@ sshd_selinux_setup_variables(int(*set_it
 	debug3("%s: setting execution context", __func__);
@ -157,7 +157,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 		use_current = "1";
 	} else {
 		use_current = "";
-@@ -361,9 +358,10 @@ sshd_selinux_setup_variables(int(*set_it
+@@ -362,9 +359,10 @@ sshd_selinux_setup_variables(int(*set_it
 }
 static int
@ -170,7 +170,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 }
 static int
-@@ -373,25 +371,28 @@ do_setenv(char *name, const char *value)
+@@ -374,25 +372,28 @@ do_setenv(char *name, const char *value)
 }
 int
@ -204,7 +204,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 			switch (security_getenforce()) {
 			case -1:
 				fatal("%s: security_getenforce() failed", __func__);
-@@ -409,7 +410,7 @@ sshd_selinux_setup_exec_context(char *pw
+@@ -410,7 +411,7 @@ sshd_selinux_setup_exec_context(char *pw
 	debug3("%s: setting execution context", __func__);
@ -214,9 +214,9 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 		r = setexeccon(user_ctx);
 		if (r < 0) {
 diff -up openssh/platform.c.refactor openssh/platform.c
--- openssh/platform.c.refactor	2017-09-27 13:10:19.574830708 +0200
+--- openssh/platform.c.refactor	2019-04-04 13:19:12.204821389 +0200
-+++ openssh/platform.c	2017-09-27 13:11:45.475303050 +0200
+++ openssh/platform.c	2019-04-04 13:19:12.277822088 +0200
-@@ -33,6 +33,9 @@
+@@ -32,6 +32,9 @@
 extern int use_privsep;
 extern ServerOptions options;
@ -226,7 +226,7 @@ diff -up openssh/platform.c.refactor openssh/platform.c
 void
 platform_pre_listen(void)
-@@ -184,7 +187,9 @@ platform_setusercontext_post_groups(stru
+@@ -183,7 +186,9 @@ platform_setusercontext_post_groups(stru
 	}
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
@ -238,9 +238,27 @@ diff -up openssh/platform.c.refactor openssh/platform.c
 }
 diff -up openssh/sshd.c.refactor openssh/sshd.c
--- openssh/sshd.c.refactor	2017-09-27 13:10:19.674831257 +0200
+--- openssh/sshd.c.refactor	2019-04-04 13:19:12.275822068 +0200
-+++ openssh/sshd.c	2017-09-27 13:12:01.635391909 +0200
+++ openssh/sshd.c	2019-04-04 13:19:51.270195262 +0200
-@@ -2135,7 +2135,9 @@ main(int ac, char **av)
+@@ -158,7 +158,7 @@ int debug_flag = 0;
 static int test_flag = 0;
 /* Flag indicating that the daemon is being started from inetd. */
 -static int inetd_flag = 0;
 +int inetd_flag = 0;
 /* Flag indicating that sshd should not detach and become a daemon. */
 static int no_daemon_flag = 0;
@@ -171,7 +171,7 @@ static char **saved_argv;
 static int saved_argc;
 /* re-exec */
 -static int rexeced_flag = 0;
 +int rexeced_flag = 0;
 static int rexec_flag = 1;
 static int rexec_argc = 0;
 static char **rexec_argv;
@@ -2192,7 +2192,9 @@ main(int ac, char **av)
 	}
 #endif
 #ifdef WITH_SELINUX
--- a/openssh-7.6p1-pkcs11-ecdsa.patch
+++ b/openssh-7.6p1-pkcs11-ecdsa.patch
@ -1,801 +0,0 @@
 diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11-client.c
 --- openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa	2018-02-16 13:25:59.426469253 +0100
 +++ openssh-7.6p1/ssh-pkcs11-client.c	2018-02-16 13:25:59.428469265 +0100
@@ -31,6 +31,15 @@
 #include <errno.h>
 #include <openssl/rsa.h>
 +#ifdef OPENSSL_HAS_ECC
 +#include <openssl/ecdsa.h>
 +#if ((defined(LIBRESSL_VERSION_NUMBER) && \
 +	(LIBRESSL_VERSION_NUMBER >= 0x20010002L))) || \
 +	(defined(ECDSA_F_ECDSA_METHOD_NEW)) || \
 +	(OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +#define ENABLE_PKCS11_ECDSA 1
 +#endif
 +#endif
 #include "pathnames.h"
 #include "xmalloc.h"
@@ -139,9 +147,9 @@ pkcs11_rsa_private_encrypt(int flen, con
 	return (ret);
 }
 -/* redirect the private key encrypt operation to the ssh-pkcs11-helper */
 +/* redirect the RSA private key encrypt operation to the ssh-pkcs11-helper */
 static int
 -wrap_key(RSA *rsa)
 +wrap_rsa_key(RSA *rsa)
 {
 	static RSA_METHOD helper_rsa;
@@ -152,6 +160,88 @@ wrap_key(RSA *rsa)
 	return (0);
 }
 +#ifdef ENABLE_PKCS11_ECDSA
 +static ECDSA_SIG *
 +pkcs11_ecdsa_private_sign(const unsigned char *from, int flen,
 +    const BIGNUM *inv, const BIGNUM *rp, EC_KEY * ecdsa)
 +{
 +	struct sshkey *key = NULL;
 +	u_char *blob, *signature = NULL;
 +	size_t blen, slen = 0;
 +	struct sshbuf *msg = NULL;
 +	ECDSA_SIG *ret = NULL;
 +	BIGNUM *r = NULL, *s = NULL;
 +	int rv;
 +
 +	if ((key = sshkey_new(KEY_ECDSA)) == NULL)
 +		fatal("%s: sshkey_new failed", __func__);
 +	key->ecdsa = ecdsa;
 +	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa);
 +	if (sshkey_to_blob(key, &blob, &blen) == 0)
 +		goto out;
 +	if ((msg = sshbuf_new()) == NULL)
 +		fatal("%s: sshbuf_new failed", __func__);
 +	if ((rv = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
 +	    (rv = sshbuf_put_string(msg, blob, blen)) != 0 ||
 +	    (rv = sshbuf_put_string(msg, from, flen)) != 0 ||
 +	    (rv = sshbuf_put_u32(msg, 0)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(rv));
 +	free(blob);
 +	send_msg(msg);
 +	sshbuf_reset(msg);
 +
 +	if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
 +		if ((rv = sshbuf_get_string(msg, &signature, &slen)) != 0)
 +			fatal("%s: buffer error: %s", __func__, ssh_err(rv));
 +		if (slen <= (size_t)ECDSA_size(ecdsa)) {
 +			int nlen = slen / 2;
 +			ret = ECDSA_SIG_new();
 +			r = BN_new();
 +			s = BN_new();
 +			BN_bin2bn(&signature[0], nlen, r);
 +			BN_bin2bn(&signature[nlen], nlen, s);
 +			ECDSA_SIG_set0(ret, r, s);
 +		}
 +		free(signature);
 +	}
 +out:
 +	sshkey_free(key);
 +	sshbuf_free(msg);
 +	return (ret);
 +}
 +
 +/* redirect the ECDSA private key encrypt operation to the ssh-pkcs11-helper */
 +static int
 +wrap_ecdsa_key(EC_KEY *ecdsa) {
 +#if (OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +	static EC_KEY_METHOD *helper_ecdsa = NULL;
 +	if (helper_ecdsa == NULL) {
 +		const EC_KEY_METHOD *def = EC_KEY_get_default_method();
 +		helper_ecdsa = EC_KEY_METHOD_new(def);
 +		EC_KEY_METHOD_set_sign(helper_ecdsa, NULL, NULL, pkcs11_ecdsa_private_sign);
 +	}
 +	EC_KEY_set_method(ecdsa, helper_ecdsa);
 +#else
 +	static ECDSA_METHOD *helper_ecdsa = NULL;
 +	if(helper_ecdsa == NULL) {
 +		const ECDSA_METHOD *def = ECDSA_get_default_method();
 +# ifdef ECDSA_F_ECDSA_METHOD_NEW
 +		helper_ecdsa = ECDSA_METHOD_new((ECDSA_METHOD *)def);
 +		ECDSA_METHOD_set_name(helper_ecdsa, "ssh-pkcs11-helper-ecdsa");
 +		ECDSA_METHOD_set_sign(helper_ecdsa, pkcs11_ecdsa_private_sign);
 +# else
 +		helper_ecdsa = xcalloc(1, sizeof(*helper_ecdsa));
 +		memcpy(helper_ecdsa, def, sizeof(*helper_ecdsa));
 +		helper_ecdsa->name = "ssh-pkcs11-helper-ecdsa";
 +		helper_ecdsa->ecdsa_do_sign = pkcs11_ecdsa_private_sign;
 +# endif
 +	}
 +	ECDSA_set_method(ecdsa, helper_ecdsa);
 +#endif
 +	return (0);
 +}
 +#endif
 +
 static int
 pkcs11_start_helper(void)
 {
@@ -212,7 +281,15 @@ pkcs11_add_provider(char *name, char *pi
 				    __func__, ssh_err(r));
 			if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
 				fatal("%s: bad key: %s", __func__, ssh_err(r));
 -			wrap_key(k->rsa);
 +			if(k->type == KEY_RSA) {
 +				 wrap_rsa_key(k->rsa);
 +#ifdef ENABLE_PKCS11_ECDSA
 +			} else if(k->type == KEY_ECDSA) {
 +				 wrap_ecdsa_key(k->ecdsa);
 +#endif /* ENABLE_PKCS11_ECDSA */
 +			} else {
 +				/* Unsupported type */
 +			}
 			(*keysp)[i] = k;
 			free(blob);
 		}
 diff -up openssh-7.6p1/ssh-pkcs11.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11.c
 --- openssh-7.6p1/ssh-pkcs11.c.pkcs11-ecdsa	2018-02-16 13:25:59.427469259 +0100
 +++ openssh-7.6p1/ssh-pkcs11.c	2018-02-16 13:44:51.270554797 +0100
@@ -32,6 +32,16 @@
 #include "openbsd-compat/sys-queue.h"
 #include <openssl/x509.h>
 +#include <openssl/rsa.h>
 +#ifdef OPENSSL_HAS_ECC
 +#include <openssl/ecdsa.h>
 +#if ((defined(LIBRESSL_VERSION_NUMBER) && \
 +	(LIBRESSL_VERSION_NUMBER >= 0x20010002L))) || \
 +	(defined(ECDSA_F_ECDSA_METHOD_NEW)) || \
 +	(OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +#define ENABLE_PKCS11_ECDSA 1
 +#endif
 +#endif
 #define CRYPTOKI_COMPAT
 #include "pkcs11.h"
@@ -67,6 +76,7 @@ TAILQ_HEAD(, pkcs11_provider) pkcs11_pro
 struct pkcs11_key {
 	struct pkcs11_provider	*provider;
 	CK_ULONG		slotidx;
 +	CK_ULONG		key_type;
 	int			(*orig_finish)(RSA *rsa);
 	RSA_METHOD		rsa_method;
 	char			*keyid;
@@ -75,6 +85,9 @@ struct pkcs11_key {
 };
 int pkcs11_interactive = 0;
 +#ifdef ENABLE_PKCS11_ECDSA
 +static int pkcs11_key_idx = -1;
 +#endif /* ENABLE_PKCS11_ECDSA */
 /*
  * This can't be in the ssh-pkcs11-uri, becase we can not depend on
@@ -289,6 +302,40 @@ pkcs11_find(struct pkcs11_provider *p, C
 	return (ret);
 }
 +int pkcs11_login(struct pkcs11_key *k11, CK_FUNCTION_LIST *f, struct pkcs11_slotinfo *si) {
 +	char			*pin = NULL, prompt[1024];
 +	CK_RV			rv;
 +	if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
 +		if (!pkcs11_interactive) {
 +			error("need pin entry%s", (si->token.flags &
 +			    CKF_PROTECTED_AUTHENTICATION_PATH) ?
 +			    " on reader keypad" : "");
 +			return (-1);
 +		}
 +		if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
 +			verbose("Deferring PIN entry to reader keypad.");
 +		else {
 +			snprintf(prompt, sizeof(prompt),
 +			    "Enter PIN for '%s': ", si->token.label);
 +			pin = read_passphrase(prompt, RP_ALLOW_EOF);
 +			if (pin == NULL)
 +				return (-1);	/* bail out */
 +		}
 +		rv = f->C_Login(si->session, CKU_USER, (u_char *)pin,
 +		    (pin != NULL) ? strlen(pin) : 0);
 +		if (pin != NULL) {
 +			explicit_bzero(pin, strlen(pin));
 +			free(pin);
 +		}
 +		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
 +			error("C_Login failed: %lu", rv);
 +			return (-1);
 +		}
 +		si->logged_in = 1;
 +	}
 +	return 0;
 +}
 +
 /* openssl callback doing the actual signing operation */
 static int
 pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
@@ -310,7 +357,6 @@ pkcs11_rsa_private_encrypt(int flen, con
 		{CKA_ID, NULL, 0},
 		{CKA_SIGN, NULL, sizeof(true_val) }
 	};
 -	char			*pin = NULL, prompt[1024];
 	int			rval = -1;
 	key_filter[0].pValue = &private_key_class;
@@ -326,33 +372,8 @@ pkcs11_rsa_private_encrypt(int flen, con
 	}
 	f = k11->provider->module->function_list;
 	si = &k11->provider->module->slotinfo[k11->slotidx];
 -	if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
 -		if (!pkcs11_interactive) {
 -			error("need pin entry%s", (si->token.flags &
 -			    CKF_PROTECTED_AUTHENTICATION_PATH) ?
 -			    " on reader keypad" : "");
 -			return (-1);
 -		}
 -		if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
 -			verbose("Deferring PIN entry to reader keypad.");
 -		else {
 -			snprintf(prompt, sizeof(prompt),
 -			    "Enter PIN for '%s': ", si->token.label);
 -			pin = read_passphrase(prompt, RP_ALLOW_EOF);
 -			if (pin == NULL)
 -				return (-1);	/* bail out */
 -		}
 -		rv = f->C_Login(si->session, CKU_USER, (u_char *)pin,
 -		    (pin != NULL) ? strlen(pin) : 0);
 -		if (pin != NULL) {
 -			explicit_bzero(pin, strlen(pin));
 -			free(pin);
 -		}
 -		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
 -			error("C_Login failed: %lu", rv);
 -			return (-1);
 -		}
 -		si->logged_in = 1;
 +	if(pkcs11_login(k11, f, si)) {
 +		return (-1);
 	}
 	key_filter[1].pValue = k11->keyid;
 	key_filter[1].ulValueLen = k11->keyid_len;
@@ -390,6 +411,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
 	const RSA_METHOD	*def = RSA_get_default_method();
 	k11 = xcalloc(1, sizeof(*k11));
 +	k11->key_type = CKK_RSA;
 	k11->provider = provider;
 	provider->refcount++;	/* provider referenced by RSA key */
 	k11->slotidx = slotidx;
@@ -415,6 +437,184 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
 	return (0);
 }
 +#ifdef ENABLE_PKCS11_ECDSA
 +static ECDSA_SIG *pkcs11_ecdsa_sign(const unsigned char *dgst, int dgst_len,
 +                                    const BIGNUM *inv, const BIGNUM *rp,
 +                                    EC_KEY *ecdsa) {
 +	struct pkcs11_key	*k11;
 +	struct pkcs11_slotinfo	*si;
 +	CK_FUNCTION_LIST	*f;
 +	CK_OBJECT_HANDLE	obj;
 +	CK_ULONG		tlen = 0;
 +	CK_RV			rv;
 +	CK_OBJECT_CLASS	private_key_class = CKO_PRIVATE_KEY;
 +	CK_BBOOL		true_val = CK_TRUE;
 +	CK_MECHANISM		mech = {
 +		CKM_ECDSA, NULL_PTR, 0
 +	};
 +	CK_ATTRIBUTE		key_filter[] = {
 +		{CKA_CLASS, NULL, sizeof(private_key_class) },
 +		{CKA_ID, NULL, 0},
 +		{CKA_SIGN, NULL, sizeof(true_val) }
 +	};
 +	ECDSA_SIG  		*rval = NULL;
 +	key_filter[0].pValue = &private_key_class;
 +	key_filter[2].pValue = &true_val;
 +
 + #if (OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +	if ((k11 = (struct pkcs11_key *)EC_KEY_get_ex_data(ecdsa, pkcs11_key_idx)) == NULL) {
 +		error("EC_KEY_get_ex_data failed for ecdsa %p", ecdsa);
 + #else
 +	if ((k11 = (struct pkcs11_key *)ECDSA_get_ex_data(ecdsa, pkcs11_key_idx)) == NULL) {
 +		error("ECDSA_get_ex_data failed for ecdsa %p", ecdsa);
 + #endif
 +		return NULL;
 +	}
 +	if (!k11->provider || !k11->provider->valid) {
 +		error("no pkcs11 (valid) provider for ecdsa %p", ecdsa);
 +		return NULL;
 +	}
 +	f = k11->provider->module->function_list;
 +	si = &k11->provider->module->slotinfo[k11->slotidx];
 +	if(pkcs11_login(k11, f, si)) {
 +		return NULL;
 +	}
 +	key_filter[1].pValue = k11->keyid;
 +	key_filter[1].ulValueLen = k11->keyid_len;
 +	/* try to find object w/CKA_SIGN first, retry w/o */
 +	if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 &&
 +	    pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) {
 +		error("cannot find private key");
 +	} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
 +		error("C_SignInit failed: %lu", rv);
 +	} else {
 +		CK_BYTE_PTR buf = NULL;
 +		BIGNUM *r = NULL, *s = NULL;
 +		int nlen;
 +		/* Make a call to C_Sign to find out the size of the signature */
 +		rv = f->C_Sign(si->session, (CK_BYTE *)dgst, dgst_len, NULL, &tlen);
 +		if (rv != CKR_OK) {
 +			error("C_Sign failed: %lu", rv);
 +			return NULL;
 +		}
 +		if ((buf = xmalloc(tlen)) == NULL) {
 +			error("failure to allocate signature buffer");
 +			return NULL;
 +		}
 +		rv = f->C_Sign(si->session, (CK_BYTE *)dgst, dgst_len, buf, &tlen);
 +		if (rv != CKR_OK) {
 +			error("C_Sign failed: %lu", rv);
 +		}
 +
 +		if ((rval = ECDSA_SIG_new()) == NULL ||
 +		    (r = BN_new()) == NULL ||
 +		    (s = BN_new()) == NULL) {
 +			error("failure to allocate ECDSA signature");
 +		} else {
 +			/*
 +			 * ECDSA signature is 2 large integers of same size returned
 +			 * concatenated by PKCS#11, we separate them to create an
 +			 * ECDSA_SIG for OpenSSL.
 +			 */
 +			nlen = tlen / 2;
 +			BN_bin2bn(&buf[0], nlen, r);
 +			BN_bin2bn(&buf[nlen], nlen, s);
 +			ECDSA_SIG_set0(rval, r, s);
 +		}
 +		free(buf);
 +	}
 +	return (rval);
 +}
 +
 +#if (OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +static EC_KEY_METHOD *get_pkcs11_ecdsa_method(void) {
 +	static EC_KEY_METHOD *pkcs11_ecdsa_method = NULL;
 +	if(pkcs11_key_idx == -1) {
 +		pkcs11_key_idx = EC_KEY_get_ex_new_index(0, NULL, NULL, NULL, 0);
 +	}
 +	if (pkcs11_ecdsa_method == NULL) {
 +		const EC_KEY_METHOD *def = EC_KEY_get_default_method();
 +		pkcs11_ecdsa_method = EC_KEY_METHOD_new(def);
 +		EC_KEY_METHOD_set_sign(pkcs11_ecdsa_method, NULL, NULL, pkcs11_ecdsa_sign);
 +	}
 +#else
 +static ECDSA_METHOD *get_pkcs11_ecdsa_method(void) {
 +	static ECDSA_METHOD *pkcs11_ecdsa_method = NULL;
 +	if(pkcs11_key_idx == -1) {
 +		pkcs11_key_idx = ECDSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
 +	}
 +	if(pkcs11_ecdsa_method == NULL) {
 +		const ECDSA_METHOD *def = ECDSA_get_default_method();
 + #ifdef ECDSA_F_ECDSA_METHOD_NEW
 +		pkcs11_ecdsa_method = ECDSA_METHOD_new((ECDSA_METHOD *)def);
 +		ECDSA_METHOD_set_name(pkcs11_ecdsa_method, "pkcs11");
 +		ECDSA_METHOD_set_sign(pkcs11_ecdsa_method, pkcs11_ecdsa_sign);
 + #else
 +		pkcs11_ecdsa_method = xcalloc(1, sizeof(*pkcs11_ecdsa_method));
 +		memcpy(pkcs11_ecdsa_method, def, sizeof(*pkcs11_ecdsa_method));
 +		pkcs11_ecdsa_method->name = "pkcs11";
 +		pkcs11_ecdsa_method->ecdsa_do_sign = pkcs11_ecdsa_sign;
 + #endif
 +	}
 +#endif
 +	return pkcs11_ecdsa_method;
 +}
 +
 +static int
 +pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 +                  CK_ATTRIBUTE *keyid_attrib, CK_ATTRIBUTE *label_attrib, EC_KEY *ecdsa)
 +{
 +	struct pkcs11_key *k11;
 +	k11 = xcalloc(1, sizeof(*k11));
 +	k11->key_type = CKK_EC;
 +	k11->provider = provider;
 +	provider->refcount++; /* provider referenced by ECDSA key */
 +	k11->slotidx = slotidx;
 +	/* identify key object on smartcard */
 +	k11->keyid_len = keyid_attrib->ulValueLen;
 +	if (k11->keyid_len > 0) {
 +		k11->keyid = xmalloc(k11->keyid_len);
 +		memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
 +	}
 +	if (label_attrib->ulValueLen > 0 ) {
 +		k11->label = xmalloc(label_attrib->ulValueLen+1);
 +		memcpy(k11->label, label_attrib->pValue, label_attrib->ulValueLen);
 +		k11->label[label_attrib->ulValueLen] = 0;
 +	}
 + #if (OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +	EC_KEY_set_method(ecdsa, get_pkcs11_ecdsa_method());
 +	EC_KEY_set_ex_data(ecdsa, pkcs11_key_idx, k11);
 + #else
 +	ECDSA_set_method(ecdsa, get_pkcs11_ecdsa_method());
 +	ECDSA_set_ex_data(ecdsa, pkcs11_key_idx, k11);
 + #endif
 +	return (0);
 +}
 +#endif /* ENABLE_PKCS11_ECDSA */
 +
 +int pkcs11_del_key(struct sshkey *key) {
 +#ifdef ENABLE_PKCS11_ECDSA
 +	if(key->type == KEY_ECDSA) {
 +		struct pkcs11_key *k11 = (struct pkcs11_key *)
 + #if (OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +			EC_KEY_get_ex_data(key->ecdsa, pkcs11_key_idx);
 + #else
 +			ECDSA_get_ex_data(key->ecdsa, pkcs11_key_idx);
 + #endif
 +		if (k11 == NULL) {
 +			error("EC_KEY_get_ex_data failed for ecdsa %p", key->ecdsa);
 +		} else {
 +			if (k11->provider)
 +				pkcs11_provider_unref(k11->provider);
 +			free(k11->keyid);
 +			free(k11);
 +		}
 +	}
 +#endif /* ENABLE_PKCS11_ECDSA */
 +	sshkey_free(key);
 +	return (0);
 +}
 +
 /* remove trailing spaces */
 static void
 rmspace(u_char *buf, size_t len)
@@ -482,11 +646,13 @@ static int
 pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
     struct sshkey ***keysp, int *nkeys, struct pkcs11_uri *uri)
 {
 -	size_t filter_size = 1;
 +	size_t filter_size = 2;
 +	CK_KEY_TYPE pubkey_type = CKK_RSA;
 	CK_OBJECT_CLASS	pubkey_class = CKO_PUBLIC_KEY;
 	CK_OBJECT_CLASS	cert_class = CKO_CERTIFICATE;
 	CK_ATTRIBUTE		pubkey_filter[] = {
 		{ CKA_CLASS, NULL, sizeof(pubkey_class) },
 +		{ CKA_KEY_TYPE, NULL, sizeof(pubkey_type) },
 		{ CKA_ID, NULL, 0 },
 		{ CKA_LABEL, NULL, 0 }
 	};
@@ -507,29 +673,60 @@ pkcs11_fetch_keys(struct pkcs11_provider
 		{ CKA_SUBJECT, NULL, 0 },
 		{ CKA_VALUE, NULL, 0 }
 	};
 +#ifdef ENABLE_PKCS11_ECDSA
 +	CK_KEY_TYPE	        ecdsa_type = CKK_EC;
 +	CK_ATTRIBUTE		ecdsa_filter[] = {
 +		{ CKA_CLASS, NULL, sizeof(pubkey_class) },
 +		{ CKA_KEY_TYPE, NULL, sizeof(ecdsa_type) },
 +		{ CKA_ID, NULL, 0 },
 +		{ CKA_LABEL, NULL, 0 }
 +	};
 +	CK_ATTRIBUTE		ecdsa_attribs[] = {
 +		{ CKA_ID, NULL, 0 },
 +		{ CKA_LABEL, NULL, 0 },
 +		{ CKA_EC_PARAMS, NULL, 0 },
 +		{ CKA_EC_POINT, NULL, 0 }
 +	};
 +	ecdsa_filter[0].pValue = &pubkey_class;
 +	ecdsa_filter[1].pValue = &ecdsa_type;
 +#endif /* ENABLE_PKCS11_ECDSA */
 	pubkey_filter[0].pValue = &pubkey_class;
 +	pubkey_filter[1].pValue = &pubkey_type;
 	cert_filter[0].pValue = &cert_class;
 	if (uri->id != NULL) {
 		pubkey_filter[filter_size].pValue = uri->id;
 		pubkey_filter[filter_size].ulValueLen = uri->id_len;
 -		cert_filter[filter_size].pValue = uri->id;
 -		cert_filter[filter_size].ulValueLen = uri->id_len;
 +#ifdef ENABLE_PKCS11_ECDSA
 +		ecdsa_filter[filter_size].pValue = uri->id;
 +		ecdsa_filter[filter_size].ulValueLen = uri->id_len;
 +#endif /* ENABLE_PKCS11_ECDSA */
 +		cert_filter[filter_size-1].pValue = uri->id;
 +		cert_filter[filter_size-1].ulValueLen = uri->id_len;
 		filter_size++;
 	}
 	if (uri->object != NULL) {
 		pubkey_filter[filter_size].pValue = uri->object;
 		pubkey_filter[filter_size].ulValueLen = strlen(uri->object);
 		pubkey_filter[filter_size].type = CKA_LABEL;
 -		cert_filter[filter_size].pValue = uri->object;
 -		cert_filter[filter_size].ulValueLen = strlen(uri->object);
 -		cert_filter[filter_size].type = CKA_LABEL;
 +#ifdef ENABLE_PKCS11_ECDSA
 +		ecdsa_filter[filter_size].pValue = uri->object;
 +		ecdsa_filter[filter_size].ulValueLen = strlen(uri->object);
 +		ecdsa_filter[filter_size].type = CKA_LABEL;
 +#endif /* ENABLE_PKCS11_ECDSA */
 +		cert_filter[filter_size-1].pValue = uri->object;
 +		cert_filter[filter_size-1].ulValueLen = strlen(uri->object);
 +		cert_filter[filter_size-1].type = CKA_LABEL;
 		filter_size++;
 	}
 	if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, filter_size,
 	    pubkey_attribs, keysp, nkeys) < 0 ||
 -	    pkcs11_fetch_keys_filter(p, slotidx, cert_filter, filter_size,
 +#ifdef ENABLE_PKCS11_ECDSA
 +	    pkcs11_fetch_keys_filter(p, slotidx, ecdsa_filter, filter_size,
 +	    ecdsa_attribs, keysp, nkeys) < 0||
 +#endif /* ENABLE_PKCS11_ECDSA */
 +	    pkcs11_fetch_keys_filter(p, slotidx, cert_filter, filter_size - 1,
 	    cert_attribs, keysp, nkeys) < 0)
 		return (-1);
 	return (0);
@@ -553,6 +746,11 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 {
 	struct sshkey		*key;
 	RSA			*rsa;
 +#ifdef ENABLE_PKCS11_ECDSA
 +	EC_KEY			*ecdsa;
 +#else
 +	void			*ecdsa;
 +#endif /* ENABLE_PKCS11_ECDSA */
 	X509 			*x509;
 	EVP_PKEY		*evp = NULL;
 	int			i;
@@ -608,6 +806,9 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 		 * or ID, label, subject and value for certificates.
 		 */
 		rsa = NULL;
 +#ifdef ENABLE_PKCS11_ECDSA
 +		ecdsa = NULL;
 +#endif /* ENABLE_PKCS11_ECDSA */
 		if ((rv = f->C_GetAttributeValue(session, obj, attribs, nattribs))
 		    != CKR_OK) {
 			error("C_GetAttributeValue failed: %lu", rv);
@@ -620,6 +821,45 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 				rsa->e = BN_bin2bn(attribs[3].pValue,
 				    attribs[3].ulValueLen, NULL);
 			}
 +#ifdef ENABLE_PKCS11_ECDSA
 +		} else if (attribs[2].type == CKA_EC_PARAMS ) {
 +			if ((ecdsa = EC_KEY_new()) == NULL) {
 +				error("EC_KEY_new failed");
 +			} else {
 +				const unsigned char *ptr1 = attribs[2].pValue;
 +				const unsigned char *ptr2 = attribs[3].pValue;
 +				CK_ULONG len1 = attribs[2].ulValueLen;
 +				CK_ULONG len2 = attribs[3].ulValueLen;
 +				ASN1_OCTET_STRING *point = NULL;
 +
 +				/*
 +				 * CKA_EC_PARAMS contains the curve parameters of the key
 +				 * either referenced as an OID or directly with all values.
 +				 * CKA_EC_POINT contains the point (public key) on the curve.
 +				 * The point is should be returned inside a DER-encoded
 +				 * ASN.1 OCTET STRING value (but some implementation).
 +				 */
 +				if ((point = d2i_ASN1_OCTET_STRING(NULL, &ptr2, len2))) {
 +					/* Pointing to OCTET STRING content */
 +					ptr2 = point->data;
 +					len2 = point->length;
 +				} else {
 +					/* No OCTET STRING */
 +					ptr2 = attribs[3].pValue;
 +				}
 +
 +				if((d2i_ECParameters(&ecdsa, &ptr1, len1) == NULL) ||
 +				   (o2i_ECPublicKey(&ecdsa, &ptr2, len2) == NULL)) {
 +					EC_KEY_free(ecdsa);
 +					ecdsa = NULL;
 +					error("EC public key parsing failed");
 +				}
 +
 +				if(point) {
 +					ASN1_OCTET_STRING_free(point);
 +				}
 +			}
 +#endif /* ENABLE_PKCS11_ECDSA */
 		} else {
 			cp = attribs[3].pValue;
 			if ((x509 = X509_new()) == NULL) {
@@ -639,13 +879,28 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 			X509_free(x509);
 			EVP_PKEY_free(evp);
 		}
 -		if (rsa && rsa->n && rsa->e &&
 -		    pkcs11_rsa_wrap(p, slotidx, &attribs[0], &attribs[1], rsa) == 0) {
 -			if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
 -				fatal("sshkey_new failed");
 -			key->rsa = rsa;
 -			key->type = KEY_RSA;
 -			key->flags |= SSHKEY_FLAG_EXT;
 +		key = NULL;
 +		if (rsa || ecdsa) {
 +			if (rsa && rsa->n && rsa->e &&
 +			    pkcs11_rsa_wrap(p, slotidx, &attribs[0], &attribs[1], rsa) == 0) {
 +				if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
 +					fatal("sshkey_new failed");
 +				key->rsa = rsa;
 +				key->type = KEY_RSA;
 +				key->flags |= SSHKEY_FLAG_EXT;
 +#ifdef ENABLE_PKCS11_ECDSA
 +			} else if(ecdsa && pkcs11_ecdsa_wrap(p, slotidx, &attribs[0], &attribs[1], ecdsa) == 0) {
 +				if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
 +					fatal("sshkey_new failed");
 +				key->ecdsa = ecdsa;
 +				key->ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa);
 +				key->type = KEY_ECDSA;
 +				key->flags |= SSHKEY_FLAG_EXT;
 +#endif /* ENABLE_PKCS11_ECDSA */
 +			}
 +		}
 +
 +		if(key) {
 			if (pkcs11_key_included(keysp, nkeys, key)) {
 				sshkey_free(key);
 			} else {
@@ -658,6 +913,10 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 			}
 		} else if (rsa) {
 			RSA_free(rsa);
 +#ifdef ENABLE_PKCS11_ECDSA
 +		} else if (ecdsa) {
 +			EC_KEY_free(ecdsa);
 +#endif /* ENABLE_PKCS11_ECDSA */
 		}
 		for (i = 0; i < nattribs; i++)
 			free(attribs[i].pValue);
 diff -up openssh-7.6p1/ssh-pkcs11-helper.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11-helper.c
 --- openssh-7.6p1/ssh-pkcs11-helper.c.pkcs11-ecdsa	2017-10-02 21:34:26.000000000 +0200
 +++ openssh-7.6p1/ssh-pkcs11-helper.c	2018-02-16 13:25:59.428469265 +0100
@@ -24,6 +24,17 @@
 #include "openbsd-compat/sys-queue.h"
 +#include <openssl/rsa.h>
 +#ifdef OPENSSL_HAS_ECC
 +#include <openssl/ecdsa.h>
 +#if ((defined(LIBRESSL_VERSION_NUMBER) && \
 +	(LIBRESSL_VERSION_NUMBER >= 0x20010002L))) || \
 +	(defined(ECDSA_F_ECDSA_METHOD_NEW)) || \
 +	(OPENSSL_VERSION_NUMBER >= 0x00010100L)
 +#define ENABLE_PKCS11_ECDSA 1
 +#endif
 +#endif
 +
 #include <stdarg.h>
 #include <string.h>
 #include <unistd.h>
@@ -80,7 +90,7 @@ del_keys_by_name(char *name)
 		if (!strcmp(ki->providername, name)) {
 			TAILQ_REMOVE(&pkcs11_keylist, ki, next);
 			free(ki->providername);
 -			sshkey_free(ki->key);
 +			pkcs11_del_key(ki->key);
 			free(ki);
 		}
 	}
@@ -164,6 +174,20 @@ process_del(void)
 	sshbuf_free(msg);
 }
 +#ifdef ENABLE_PKCS11_ECDSA
 +static u_int EC_KEY_order_size(EC_KEY *key)
 +{
 +	const EC_GROUP *group = EC_KEY_get0_group(key);
 +	BIGNUM *order = BN_new();
 +	u_int nbytes = 0;
 +	if ((group != NULL) && (order != NULL) && EC_GROUP_get_order(group, order, NULL)) {
 +		nbytes = BN_num_bytes(order);
 +	}
 +	BN_clear_free(order);
 +	return nbytes;
 +}
 +#endif /* ENABLE_PKCS11_ECDSA */
 +
 static void
 process_sign(void)
 {
@@ -180,14 +204,38 @@ process_sign(void)
 	else {
 		if ((found = lookup_key(key)) != NULL) {
 #ifdef WITH_OPENSSL
 -			int ret;
 -
 -			slen = RSA_size(key->rsa);
 -			signature = xmalloc(slen);
 -			if ((ret = RSA_private_encrypt(dlen, data, signature,
 -			    found->rsa, RSA_PKCS1_PADDING)) != -1) {
 -				slen = ret;
 -				ok = 0;
 +			if(found->type == KEY_RSA) {
 +				int ret;
 +				slen = RSA_size(key->rsa);
 +				signature = xmalloc(slen);
 +				if ((ret = RSA_private_encrypt(dlen, data, signature,
 +											   found->rsa, RSA_PKCS1_PADDING)) != -1) {
 +					slen = ret;
 +					ok = 0;
 +				}
 +#ifdef ENABLE_PKCS11_ECDSA
 +			} else if(found->type == KEY_ECDSA) {
 +				ECDSA_SIG *sig;
 +				const BIGNUM *r = NULL, *s = NULL;
 +				if ((sig = ECDSA_do_sign(data, dlen, found->ecdsa)) != NULL) {
 +					/* PKCS11 2.3.1 recommends both r and s to have the order size for
 +					   backward compatiblity */
 +					ECDSA_SIG_get0(sig, &r, &s);
 +					u_int o_len = EC_KEY_order_size(found->ecdsa);
 +					u_int r_len = BN_num_bytes(r);
 +					u_int s_len = BN_num_bytes(s);
 +					if (o_len > 0 && r_len <= o_len && s_len <= o_len) {
 +						signature = xcalloc(2, o_len);
 +						BN_bn2bin(r, signature + o_len - r_len);
 +						BN_bn2bin(s, signature + (2 * o_len) - s_len);
 +						slen = 2 * o_len;
 +						ok = 0;
 +					}
 +					ECDSA_SIG_free(sig);
 +				}
 +#endif /* ENABLE_PKCS11_ECDSA */
 +			} else {
 +				/* Unsupported type */
 			}
 #endif /* WITH_OPENSSL */
 		}
 diff -up openssh-7.6p1/ssh-pkcs11.h.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11.h
 --- openssh-7.6p1/ssh-pkcs11.h.pkcs11-ecdsa	2018-02-16 13:25:59.429469272 +0100
 +++ openssh-7.6p1/ssh-pkcs11.h	2018-02-16 13:45:29.623800048 +0100
@@ -20,6 +20,7 @@
 int	pkcs11_init(int);
 void	pkcs11_terminate(void);
 int	pkcs11_add_provider(char *, char *, struct sshkey ***);
 +int	pkcs11_del_key(struct sshkey *);
 int	pkcs11_add_provider_by_uri(struct pkcs11_uri *, char *, struct sshkey ***);
 int	pkcs11_del_provider(char *);
 int	pkcs11_uri_write(const struct sshkey *, FILE *);
 diff -up openssh-7.6p1/ssh-pkcs11.c.old openssh-7.6p1/ssh-pkcs11.c
 --- openssh-7.6p1/ssh-pkcs11.c.old	2018-02-16 16:43:08.861520255 +0100
 +++ openssh-7.6p1/ssh-pkcs11.c	2018-02-16 16:56:35.312601451 +0100
@@ -917,13 +917,28 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
 			} else if (d2i_X509(&x509, &cp, attribs[3].ulValueLen)
 			    == NULL) {
 				error("d2i_X509 failed");
 -			} else if ((evp = X509_get_pubkey(x509)) == NULL ||
 -			    evp->type != EVP_PKEY_RSA ||
 -			    evp->pkey.rsa == NULL) {
 -				debug("X509_get_pubkey failed or no rsa");
 -			} else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa))
 -			    == NULL) {
 -				error("RSAPublicKey_dup");
 +			} else if ((evp = X509_get_pubkey(x509)) == NULL) {
 +				debug("X509_get_pubkey failed");
 +			} else {
 +				switch (evp->type) {
 +				case EVP_PKEY_RSA:
 +					if (evp->pkey.rsa == NULL)
 +						debug("Missing RSA key");
 +					else if ((rsa = RSAPublicKey_dup(
 +					    evp->pkey.rsa)) == NULL)
 +						error("RSAPublicKey_dup failed");
 +					break;
 +				case EVP_PKEY_EC:
 +					if (evp->pkey.ecdsa == NULL)
 +						debug("Missing ECDSA key");
 +					else if ((ecdsa = EC_KEY_dup(
 +					    evp->pkey.ecdsa)) == NULL)
 +						error("EC_KEY_dup failed");
 +					break;
 +				default:
 +					debug("not a RSA or ECDSA key");
 +					break;
 +				}
 			}
 			X509_free(x509);
 			EVP_PKEY_free(evp);
--- a/openssh-7.6p1-pkcs11-uri.patch
+++ b/openssh-7.6p1-pkcs11-uri.patch
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -1,70 +1,6 @@
-diff -up openssh-7.7p1/cipher.c.fips openssh-7.7p1/cipher.c
+diff -up openssh-8.0p1/cipher-ctr.c.fips openssh-8.0p1/cipher-ctr.c
--- openssh-7.7p1/cipher.c.fips	2018-08-08 10:08:40.814719906 +0200
+--- openssh-8.0p1/cipher-ctr.c.fips	2019-07-23 14:55:45.326525641 +0200
-+++ openssh-7.7p1/cipher.c	2018-08-08 10:08:40.821719965 +0200
+++ openssh-8.0p1/cipher-ctr.c	2019-07-23 14:55:45.401526401 +0200
@@ -39,6 +39,8 @@
 #include <sys/types.h>
 +#include <openssl/fips.h>
 +
 #include <string.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -90,6 +92,33 @@ static const struct sshcipher ciphers[]
 	{ NULL,			0, 0, 0, 0, 0, NULL }
 };
 +static const struct sshcipher fips_ciphers[] = {
 +#ifdef WITH_OPENSSL
 +	{ "3des-cbc",		8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
 +	{ "aes128-cbc",		16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
 +	{ "aes192-cbc",		16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
 +	{ "aes256-cbc",		16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
 +	{ "rijndael-cbc@lysator.liu.se",
 +				16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
 +	{ "aes128-ctr",		16, 16, 0, 0, 0, EVP_aes_128_ctr },
 +	{ "aes192-ctr",		16, 24, 0, 0, 0, EVP_aes_192_ctr },
 +	{ "aes256-ctr",		16, 32, 0, 0, 0, EVP_aes_256_ctr },
 +# ifdef OPENSSL_HAVE_EVPGCM
 +	{ "aes128-gcm@openssh.com",
 +				16, 16, 12, 16, 0, EVP_aes_128_gcm },
 +	{ "aes256-gcm@openssh.com",
 +				16, 32, 12, 16, 0, EVP_aes_256_gcm },
 +# endif /* OPENSSL_HAVE_EVPGCM */
 +#else
 +	{ "aes128-ctr",		16, 16, 0, 0, CFLAG_AESCTR, NULL },
 +	{ "aes192-ctr",		16, 24, 0, 0, CFLAG_AESCTR, NULL },
 +	{ "aes256-ctr",		16, 32, 0, 0, CFLAG_AESCTR, NULL },
 +#endif
 +	{ "none",		8, 0, 0, 0, CFLAG_NONE, NULL },
 +
 +	{ NULL,			0, 0, 0, 0, 0, NULL }
 +};
 +
 /*--*/
 /* Returns a comma-separated list of supported ciphers. */
@@ -100,7 +129,7 @@ cipher_alg_list(char sep, int auth_only)
 	size_t nlen, rlen = 0;
 	const struct sshcipher *c;
 -	for (c = ciphers; c->name != NULL; c++) {
 +	for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++) {
 		if ((c->flags & CFLAG_INTERNAL) != 0)
 			continue;
 		if (auth_only && c->auth_len == 0)
@@ -172,7 +201,7 @@ const struct sshcipher *
 cipher_by_name(const char *name)
 {
 	const struct sshcipher *c;
 -	for (c = ciphers; c->name != NULL; c++)
 +	for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++)
 		if (strcmp(c->name, name) == 0)
 			return c;
 	return NULL;
 diff -up openssh-7.7p1/cipher-ctr.c.fips openssh-7.7p1/cipher-ctr.c
 --- openssh-7.7p1/cipher-ctr.c.fips	2018-08-08 10:08:40.709719021 +0200
 +++ openssh-7.7p1/cipher-ctr.c	2018-08-08 10:08:40.821719965 +0200
@@ -179,7 +179,8 @@ evp_aes_128_ctr(void)
 	aes_ctr.do_cipher = ssh_aes_ctr;
 #ifndef SSH_OLD_EVP
@ -75,100 +11,76 @@ diff -up openssh-7.7p1/cipher-ctr.c.fips openssh-7.7p1/cipher-ctr.c
 #endif
 	return (&aes_ctr);
 }
-diff -up openssh-7.7p1/clientloop.c.fips openssh-7.7p1/clientloop.c
+diff -up openssh-8.0p1/dh.c.fips openssh-8.0p1/dh.c
--- openssh-7.7p1/clientloop.c.fips	2018-08-08 10:08:40.769719527 +0200
+--- openssh-8.0p1/dh.c.fips	2019-04-18 00:52:57.000000000 +0200
-+++ openssh-7.7p1/clientloop.c	2018-08-08 10:08:40.822719973 +0200
+++ openssh-8.0p1/dh.c	2019-07-23 14:55:45.401526401 +0200
-@@ -1978,7 +1978,8 @@ key_accepted_by_hostkeyalgs(const struct
+@@ -152,6 +152,12 @@ choose_dh(int min, int wantbits, int max
- {
+ 	int best, bestcount, which, linenum;
- 	const char *ktype = sshkey_ssh_name(key);
+ 	struct dhgroup dhg;
 	const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
 -	    options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
 +	    options.hostkeyalgorithms : (FIPS_mode() ?
 +	    KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG);
- 	if (key == NULL || key->type == KEY_UNSPEC)
+	if (FIPS_mode()) {
- 		return 0;
+		logit("Using arbitrary primes is not allowed in FIPS mode."
-diff -up openssh-7.7p1/dh.h.fips openssh-7.7p1/dh.h
+		    " Falling back to known groups.");
--- openssh-7.7p1/dh.h.fips	2018-04-02 07:38:28.000000000 +0200
+		return (dh_new_group_fallback(max));
-+++ openssh-7.7p1/dh.h	2018-08-08 10:08:40.822719973 +0200
+	}
@@ -51,6 +51,7 @@ u_int	 dh_estimate(int);
  * Miniumum increased in light of DH precomputation attacks.
  */
 #define DH_GRP_MIN	2048
 +#define DH_GRP_MIN_FIPS	2048
 #define DH_GRP_MAX	8192
 /*
 diff -up openssh-7.7p1/entropy.c.fips openssh-7.7p1/entropy.c
 --- openssh-7.7p1/entropy.c.fips	2018-08-08 10:08:40.698718928 +0200
 +++ openssh-7.7p1/entropy.c	2018-08-08 10:08:40.822719973 +0200
@@ -217,6 +217,9 @@ seed_rng(void)
 		fatal("OpenSSL version mismatch. Built against %lx, you "
 		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
 +	/* clean the PRNG status when exiting the program */
 +	atexit(RAND_cleanup);
 +
- #ifndef OPENSSL_PRNG_ONLY
+ 	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
- 	if (RAND_status() == 1) {
+ 		logit("WARNING: could not open %s (%s), using fixed modulus",
- 		debug3("RNG is ready, skipping seeding");
+ 		    _PATH_DH_MODULI, strerror(errno));
-diff -up openssh-7.7p1/kex.c.fips openssh-7.7p1/kex.c
+@@ -489,4 +495,38 @@ dh_estimate(int bits)
--- openssh-7.7p1/kex.c.fips	2018-08-08 10:08:40.815719915 +0200
+ 	return 8192;
-+++ openssh-7.7p1/kex.c	2018-08-08 10:11:24.109081924 +0200
+ }
@@ -35,6 +35,7 @@
 #ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
 +#include <openssl/fips.h>
 #endif
- #include "ssh2.h"
+/*
-@@ -122,6 +123,26 @@ static const struct kexalg kexalgs[] = {
+ * Compares the received DH parameters with known-good groups,
- 	{ NULL, -1, -1, -1},
+ * which might be either from group14, group16 or group18.
- };
+ */
- 
+int
-+static const struct kexalg kexalgs_fips[] = {
+dh_is_known_group(const DH *dh)
-+	{ KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
+{
-+	{ KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
+	const BIGNUM *p, *g;
-+	{ KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
+	const BIGNUM *known_p, *known_g;
-+#ifdef HAVE_EVP_SHA256
+	DH *known = NULL;
-+	{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
+	int bits = 0, rv = 0;
 +#endif
 +#ifdef OPENSSL_HAS_ECC
 +	{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
 +	    NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
 +	{ KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1,
 +	    SSH_DIGEST_SHA384 },
 +# ifdef OPENSSL_HAS_NISTP521
 +	{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
 +	    SSH_DIGEST_SHA512 },
 +# endif
 +#endif
 +	{ NULL, -1, -1, -1},
 +};
 +
- char *
+	DH_get0_pqg(dh, &p, NULL, &g);
- kex_alg_list(char sep)
+	bits = BN_num_bits(p);
- {
+
-@@ -129,7 +150,7 @@ kex_alg_list(char sep)
+	if (bits <= 3072) {
- 	size_t nlen, rlen = 0;
+		known = dh_new_group14();
- 	const struct kexalg *k;
+	} else if (bits <= 6144) {
 +		known = dh_new_group16();
 +	} else {
 +		known = dh_new_group18();
 +	}
 +
 +	DH_get0_pqg(known, &known_p, NULL, &known_g);
 +
 +	if (BN_cmp(g, known_g) == 0 &&
 +	    BN_cmp(p, known_p) == 0) {
 +		rv = 1;
 +	}
 +
 +	DH_free(known);
 +	return rv;
 +}
 +
 #endif /* WITH_OPENSSL */
 diff -up openssh-8.0p1/dh.h.fips openssh-8.0p1/dh.h
 --- openssh-8.0p1/dh.h.fips	2019-04-18 00:52:57.000000000 +0200
 +++ openssh-8.0p1/dh.h	2019-07-23 14:55:45.401526401 +0200
@@ -43,6 +43,7 @@ DH	*dh_new_group_fallback(int);
-	for (k = kexalgs; k->name != NULL; k++) {
+ int	 dh_gen_key(DH *, int);
-+	for (k = (FIPS_mode() ? kexalgs_fips : kexalgs); k->name != NULL; k++) {
+ int	 dh_pub_is_valid(const DH *, const BIGNUM *);
- 		if (ret != NULL)
+int	 dh_is_known_group(const DH *);
 			ret[rlen++] = sep;
 		nlen = strlen(k->name);
@@ -149,7 +170,7 @@ kex_alg_by_name(const char *name)
 {
 	const struct kexalg *k;
-	for (k = kexalgs; k->name != NULL; k++) {
+ u_int	 dh_estimate(int);
-+	for (k = (FIPS_mode() ? kexalgs_fips : kexalgs); k->name != NULL; k++) {
+ 
- 		if (strcmp(k->name, name) == 0)
+diff -up openssh-8.0p1/kex.c.fips openssh-8.0p1/kex.c
- 			return k;
+--- openssh-8.0p1/kex.c.fips	2019-07-23 14:55:45.395526340 +0200
- #ifdef GSSAPI
+++ openssh-8.0p1/kex.c	2019-07-23 14:55:45.402526411 +0200
-@@ -175,7 +196,10 @@ kex_names_valid(const char *names)
+@@ -199,7 +199,10 @@ kex_names_valid(const char *names)
 	for ((p = strsep(&cp, ",")); p && *p != '\0';
 	    (p = strsep(&cp, ","))) {
 		if (kex_alg_by_name(p) == NULL) {
@ -180,109 +92,32 @@ diff -up openssh-7.7p1/kex.c.fips openssh-7.7p1/kex.c
 			free(s);
 			return 0;
 		}
-diff -up openssh-7.7p1/kexgexc.c.fips openssh-7.7p1/kexgexc.c
+diff -up openssh-8.0p1/kexgexc.c.fips openssh-8.0p1/kexgexc.c
--- openssh-7.7p1/kexgexc.c.fips	2018-04-02 07:38:28.000000000 +0200
+--- openssh-8.0p1/kexgexc.c.fips	2019-04-18 00:52:57.000000000 +0200
-+++ openssh-7.7p1/kexgexc.c	2018-08-08 10:08:40.822719973 +0200
+++ openssh-8.0p1/kexgexc.c	2019-07-23 14:55:45.402526411 +0200
@@ -28,6 +28,7 @@
 #ifdef WITH_OPENSSL
-+#include <openssl/fips.h>
+#include <openssl/crypto.h>
 #include <sys/types.h>
 #include <openssl/dh.h>
-@@ -63,7 +64,7 @@ kexgex_client(struct ssh *ssh)
+@@ -113,6 +114,10 @@ input_kex_dh_gex_group(int type, u_int32
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 +	if (FIPS_mode() && dh_is_known_group(kex->dh) == 0) {
 +		r = SSH_ERR_INVALID_ARGUMENT;
 +		goto out;
 +	}
 	p = g = NULL; /* belong to kex->dh now */
- 	nbits = dh_estimate(kex->dh_need * 8);
+ 	/* generate and send 'e', client DH public key */
- 
+diff -up openssh-8.0p1/Makefile.in.fips openssh-8.0p1/Makefile.in
-	kex->min = DH_GRP_MIN;
+--- openssh-8.0p1/Makefile.in.fips	2019-07-23 14:55:45.396526350 +0200
-+	kex->min = FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN;
+++ openssh-8.0p1/Makefile.in	2019-07-23 14:55:45.402526411 +0200
- 	kex->max = DH_GRP_MAX;
+@@ -180,25 +180,25 @@ libssh.a: $(LIBSSH_OBJS)
 	kex->nbits = nbits;
 	if (datafellows & SSH_BUG_DHGEX_LARGE)
 diff -up openssh-7.7p1/kexgexs.c.fips openssh-7.7p1/kexgexs.c
 --- openssh-7.7p1/kexgexs.c.fips	2018-04-02 07:38:28.000000000 +0200
 +++ openssh-7.7p1/kexgexs.c	2018-08-08 10:08:40.823719982 +0200
@@ -82,9 +82,9 @@ input_kex_dh_gex_request(int type, u_int
 	kex->nbits = nbits;
 	kex->min = min;
 	kex->max = max;
 -	min = MAXIMUM(DH_GRP_MIN, min);
 +	min = MAXIMUM(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min);
 	max = MINIMUM(DH_GRP_MAX, max);
 -	nbits = MAXIMUM(DH_GRP_MIN, nbits);
 +	nbits = MAXIMUM(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, nbits);
 	nbits = MINIMUM(DH_GRP_MAX, nbits);
 	if (kex->max < kex->min || kex->nbits < kex->min ||
 diff -up openssh-7.7p1/mac.c.fips openssh-7.7p1/mac.c
 --- openssh-7.7p1/mac.c.fips	2018-08-08 10:08:40.815719915 +0200
 +++ openssh-7.7p1/mac.c	2018-08-08 10:11:56.915352642 +0200
@@ -27,6 +27,8 @@
 #include <sys/types.h>
 +#include <openssl/fips.h>
 +
 #include <string.h>
 #include <stdio.h>
@@ -54,7 +56,7 @@ struct macalg {
 	int		etm;		/* Encrypt-then-MAC */
 };
 -static const struct macalg macs[] = {
 +static const struct macalg all_macs[] = {
 	/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
 	{ "hmac-sha1",				SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
 	{ "hmac-sha1-96",			SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
@@ -82,6 +84,24 @@ static const struct macalg macs[] = {
 	{ NULL,					0, 0, 0, 0, 0, 0 }
 };
 +static const struct macalg fips_macs[] = {
 +	/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
 +	{ "hmac-sha1",				SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
 +#ifdef HAVE_EVP_SHA256
 +	{ "hmac-sha2-256",			SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
 +	{ "hmac-sha2-512",			SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
 +#endif
 +
 +	/* Encrypt-then-MAC variants */
 +	{ "hmac-sha1-etm@openssh.com",		SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
 +#ifdef HAVE_EVP_SHA256
 +	{ "hmac-sha2-256-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
 +	{ "hmac-sha2-512-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
 +#endif
 +
 +	{ NULL,					0, 0, 0, 0, 0, 0 }
 +};
 +
 /* Returns a list of supported MACs separated by the specified char. */
 char *
 mac_alg_list(char sep)
@@ -90,7 +110,7 @@ mac_alg_list(char sep)
 	size_t nlen, rlen = 0;
 	const struct macalg *m;
 -	for (m = macs; m->name != NULL; m++) {
 +	for (m = FIPS_mode() ? fips_macs : all_macs; m->name != NULL; m++) {
 		if (ret != NULL)
 			ret[rlen++] = sep;
 		nlen = strlen(m->name);
@@ -129,7 +149,7 @@ mac_setup(struct sshmac *mac, char *name
 {
 	const struct macalg *m;
 -	for (m = macs; m->name != NULL; m++) {
 +	for (m = FIPS_mode() ? fips_macs : all_macs; m->name != NULL; m++) {
 		if (strcmp(name, m->name) != 0)
 			continue;
 		if (mac != NULL)
 diff -up openssh-7.7p1/Makefile.in.fips openssh-7.7p1/Makefile.in
 --- openssh-7.7p1/Makefile.in.fips	2018-08-08 10:08:40.815719915 +0200
 +++ openssh-7.7p1/Makefile.in	2018-08-08 10:08:40.823719982 +0200
@@ -179,25 +179,25 @@ libssh.a: $(LIBSSH_OBJS)
 	$(RANLIB) $@
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
@ -293,125 +128,116 @@ diff -up openssh-7.7p1/Makefile.in.fips openssh-7.7p1/Makefile.in
 -	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
 +	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
- scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
- 	$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 	$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
+ ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHADD_OBJS)
-	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+-	$(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+	$(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
+ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHAGENT_OBJS)
-	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+-	$(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+	$(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
+ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYGEN_OBJS)
-	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+-	$(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+	$(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o
+ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSIGN_OBJS)
-	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+-	$(LD) -o $@ $(SSHKEYSIGN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+	$(LD) -o $@ $(SSHKEYSIGN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
+ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(P11HELPER_OBJS)
- 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ 	$(LD) -o $@ $(P11HELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-@@ -215,7 +215,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
+@@ -216,7 +216,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
- 	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 	$(LD) -o $@ ssh-cavs.o $(SKOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
-	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+-	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-+	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
- sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
+ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
- 	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 	$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-diff -up openssh-7.7p1/myproposal.h.fips openssh-7.7p1/myproposal.h
+diff -up openssh-8.0p1/myproposal.h.fips openssh-8.0p1/myproposal.h
--- openssh-7.7p1/myproposal.h.fips	2018-04-02 07:38:28.000000000 +0200
+--- openssh-8.0p1/myproposal.h.fips	2019-04-18 00:52:57.000000000 +0200
-+++ openssh-7.7p1/myproposal.h	2018-08-08 10:08:40.823719982 +0200
+++ openssh-8.0p1/myproposal.h	2019-07-23 14:55:45.402526411 +0200
-@@ -114,6 +114,14 @@
+@@ -111,6 +111,20 @@
 	"rsa-sha2-256," \
 	"ssh-rsa"
 +#define	KEX_FIPS_PK_ALG	\
-+	HOSTKEY_ECDSA_CERT_METHODS \
+	"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 +	"ecdsa-sha2-nistp384-cert-v01@openssh.com," \
 +	"ecdsa-sha2-nistp521-cert-v01@openssh.com," \
 +	"rsa-sha2-512-cert-v01@openssh.com," \
 +	"rsa-sha2-256-cert-v01@openssh.com," \
 +	"ssh-rsa-cert-v01@openssh.com," \
-+	HOSTKEY_ECDSA_METHODS \
+	"ecdsa-sha2-nistp256," \
 +	"ecdsa-sha2-nistp384," \
 +	"ecdsa-sha2-nistp521," \
 +	"rsa-sha2-512," \
 +	"rsa-sha2-256," \
 +	"ssh-rsa"
 +
- /* the actual algorithms */
+ #define	KEX_SERVER_ENCRYPT \
- 
+ 	"chacha20-poly1305@openssh.com," \
- #define KEX_SERVER_ENCRYPT \
+ 	"aes128-ctr,aes192-ctr,aes256-ctr," \
-@@ -137,6 +145,38 @@
+@@ -134,6 +142,27 @@
 #define KEX_CLIENT_MAC KEX_SERVER_MAC
 +#define	KEX_FIPS_ENCRYPT \
 +	"aes128-ctr,aes192-ctr,aes256-ctr," \
 +	"aes128-cbc,3des-cbc," \
-+	"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se" \
+	"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
-+	AESGCM_CIPHER_MODES
+	"aes128-gcm@openssh.com,aes256-gcm@openssh.com"
-+#ifdef HAVE_EVP_SHA256
+#define KEX_DEFAULT_KEX_FIPS		\
-+# define KEX_DEFAULT_KEX_FIPS		\
+	"ecdh-sha2-nistp256," \
-+	KEX_ECDH_METHODS \
+	"ecdh-sha2-nistp384," \
-+	KEX_SHA2_METHODS \
+	"ecdh-sha2-nistp521," \
 +	"diffie-hellman-group-exchange-sha256," \
 +	"diffie-hellman-group16-sha512," \
 +	"diffie-hellman-group18-sha512," \
 +	"diffie-hellman-group14-sha256"
-+# define KEX_FIPS_MAC \
+#define KEX_FIPS_MAC \
 +	"hmac-sha1," \
 +	"hmac-sha2-256," \
 +	"hmac-sha2-512," \
 +	"hmac-sha1-etm@openssh.com," \
 +	"hmac-sha2-256-etm@openssh.com," \
 +	"hmac-sha2-512-etm@openssh.com"
 +#else
 +# ifdef OPENSSL_HAS_NISTP521
 +#  define KEX_DEFAULT_KEX_FIPS		\
 +	"ecdh-sha2-nistp256," \
 +	"ecdh-sha2-nistp384," \
 +	"ecdh-sha2-nistp521"
 +# else
 +#  define KEX_DEFAULT_KEX_FIPS		\
 +	"ecdh-sha2-nistp256," \
 +	"ecdh-sha2-nistp384"
 +# endif
 +#define        KEX_FIPS_MAC \
 +       "hmac-sha1"
 +#endif
 +
- #else /* WITH_OPENSSL */
+ /* Not a KEX value, but here so all the algorithm defaults are together */
- 
+ #define	SSH_ALLOWED_CA_SIGALGS	\
- #define KEX_SERVER_KEX		\
+ 	"ecdsa-sha2-nistp256," \
-diff -up openssh-7.7p1/readconf.c.fips openssh-7.7p1/readconf.c
+diff -up openssh-8.0p1/readconf.c.fips openssh-8.0p1/readconf.c
--- openssh-7.7p1/readconf.c.fips	2018-08-08 10:08:40.769719527 +0200
+--- openssh-8.0p1/readconf.c.fips	2019-07-23 14:55:45.334525723 +0200
-+++ openssh-7.7p1/readconf.c	2018-08-08 10:08:40.824719990 +0200
+++ openssh-8.0p1/readconf.c	2019-07-23 14:55:45.402526411 +0200
-@@ -2081,17 +2081,18 @@ fill_default_options(Options * options)
+@@ -2179,11 +2179,16 @@ fill_default_options(Options * options)
 	all_mac = mac_alg_list(',');
 	all_kex = kex_alg_list(',');
 	all_key = sshkey_alg_list(0, 0, 1, ',');
-#define ASSEMBLE(what, defaults, all) \
+ 	all_sig = sshkey_alg_list(0, 1, 1, ',');
-+#define ASSEMBLE(what, defaults, fips_defaults, all) \
+ 	/* remove unsupported algos from default lists */
 -	def_cipher = match_filter_whitelist(KEX_CLIENT_ENCRYPT, all_cipher);
 -	def_mac = match_filter_whitelist(KEX_CLIENT_MAC, all_mac);
 -	def_kex = match_filter_whitelist(KEX_CLIENT_KEX, all_kex);
 -	def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
 -	def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
 +	def_cipher = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_ENCRYPT : KEX_CLIENT_ENCRYPT), all_cipher);
 +	def_mac = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_MAC : KEX_CLIENT_MAC), all_mac);
 +	def_kex = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_DEFAULT_KEX_FIPS : KEX_CLIENT_KEX), all_kex);
 +	def_key = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG), all_key);
 +	def_sig = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_PK_ALG : SSH_ALLOWED_CA_SIGALGS), all_sig);
 #define ASSEMBLE(what, defaults, all) \
 	do { \
 		if ((r = kex_assemble_names(&options->what, \
-		    defaults, all)) != 0) \
+diff -up openssh-8.0p1/sandbox-seccomp-filter.c.fips openssh-8.0p1/sandbox-seccomp-filter.c
-+		    (FIPS_mode() ? fips_defaults : defaults), \
+--- openssh-8.0p1/sandbox-seccomp-filter.c.fips	2019-07-23 14:55:45.373526117 +0200
-+		    all)) != 0) \
+++ openssh-8.0p1/sandbox-seccomp-filter.c	2019-07-23 14:55:45.402526411 +0200
 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
 	} while (0)
 -	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
 -	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
 -	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
 -	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
 -	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
 +	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
 +	ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
 +	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
 +	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 +	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 #undef ASSEMBLE
 	free(all_cipher);
 	free(all_mac);
 diff -up openssh-7.7p1/sandbox-seccomp-filter.c.fips openssh-7.7p1/sandbox-seccomp-filter.c
 --- openssh-7.7p1/sandbox-seccomp-filter.c.fips	2018-08-08 10:08:40.794719737 +0200
 +++ openssh-7.7p1/sandbox-seccomp-filter.c	2018-08-08 10:08:40.824719990 +0200
@@ -137,6 +137,9 @@ static const struct sock_filter preauth_
 #ifdef __NR_open
 	SC_DENY(__NR_open, EACCES),
@ -422,53 +248,50 @@ diff -up openssh-7.7p1/sandbox-seccomp-filter.c.fips openssh-7.7p1/sandbox-secco
 #ifdef __NR_openat
 	SC_DENY(__NR_openat, EACCES),
 #endif
-diff -up openssh-7.7p1/servconf.c.fips openssh-7.7p1/servconf.c
+diff -up openssh-8.0p1/servconf.c.fips openssh-8.0p1/servconf.c
--- openssh-7.7p1/servconf.c.fips	2018-08-08 10:08:40.778719603 +0200
+--- openssh-8.0p1/servconf.c.fips	2019-07-23 14:55:45.361525996 +0200
-+++ openssh-7.7p1/servconf.c	2018-08-08 10:08:40.824719990 +0200
+++ openssh-8.0p1/servconf.c	2019-07-23 14:55:45.403526421 +0200
-@@ -196,17 +196,18 @@ option_clear_or_none(const char *o)
+@@ -208,11 +208,16 @@ assemble_algorithms(ServerOptions *o)
 	all_mac = mac_alg_list(',');
 	all_kex = kex_alg_list(',');
 	all_key = sshkey_alg_list(0, 0, 1, ',');
-#define ASSEMBLE(what, defaults, all) \
+ 	all_sig = sshkey_alg_list(0, 1, 1, ',');
-+#define ASSEMBLE(what, defaults, fips_defaults, all) \
+ 	/* remove unsupported algos from default lists */
 -	def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher);
 -	def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac);
 -	def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex);
 -	def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
 -	def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
 +	def_cipher = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_ENCRYPT : KEX_SERVER_ENCRYPT), all_cipher);
 +	def_mac = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_MAC : KEX_SERVER_MAC), all_mac);
 +	def_kex = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_DEFAULT_KEX_FIPS : KEX_SERVER_KEX), all_kex);
 +	def_key = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG), all_key);
 +	def_sig = match_filter_whitelist((FIPS_mode() ?
 +	    KEX_FIPS_PK_ALG : SSH_ALLOWED_CA_SIGALGS), all_sig);
 #define ASSEMBLE(what, defaults, all) \
 	do { \
-		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
+ 		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
-+		if ((r = kex_assemble_names(&o->what, (FIPS_mode() \
+diff -up openssh-8.0p1/ssh.c.fips openssh-8.0p1/ssh.c
-+		    ? fips_defaults : defaults), all)) != 0) \
+--- openssh-8.0p1/ssh.c.fips	2019-07-23 14:55:45.378526168 +0200
- 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+++ openssh-8.0p1/ssh.c	2019-07-23 14:55:45.403526421 +0200
 	} while (0)
 -	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
 -	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
 -	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
 -	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
 -	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
 -	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
 +	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
 +	ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
 +	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
 +	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 +	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 +	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 #undef ASSEMBLE
 	free(all_cipher);
 	free(all_mac);
 diff -up openssh-7.7p1/ssh.c.fips openssh-7.7p1/ssh.c
 --- openssh-7.7p1/ssh.c.fips	2018-08-08 10:08:40.811719881 +0200
 +++ openssh-7.7p1/ssh.c	2018-08-08 10:08:40.825719999 +0200
@@ -76,6 +76,8 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #endif
-+#include <openssl/fips.h>
+#include <openssl/crypto.h>
 +#include <fipscheck.h>
 #include "openbsd-compat/openssl-compat.h"
 #include "openbsd-compat/sys-queue.h"
-@@ -579,6 +581,14 @@ main(int ac, char **av)
+@@ -600,6 +602,16 @@ main(int ac, char **av)
 	sanitise_stdfd();
 	__progname = ssh_get_progname(av[0]);
-+        SSLeay_add_all_algorithms();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +	SSLeay_add_all_algorithms();
 +#endif
 +	if (access("/etc/system-fips", F_OK) == 0)
 +		if (! FIPSCHECK_verify(NULL, NULL)){
 +			if (FIPS_mode())
@ -479,111 +302,90 @@ diff -up openssh-7.7p1/ssh.c.fips openssh-7.7p1/ssh.c
 #ifndef HAVE_SETPROCTITLE
 	/* Prepare for later setproctitle emulation */
-@@ -1045,7 +1055,6 @@ main(int ac, char **av)
+@@ -614,6 +626,10 @@ main(int ac, char **av)
 	host_arg = xstrdup(host);
 #ifdef WITH_OPENSSL
 -	OpenSSL_add_all_algorithms();
 	ERR_load_crypto_strings();
 #endif
@@ -1268,6 +1277,10 @@ main(int ac, char **av)
 	seed_rng();
 +	if (FIPS_mode()) {
-+		logit("FIPS mode initialized");
+		debug("FIPS mode initialized");
 +	}
 +
- 	if (options.user == NULL)
+ 	/*
- 		options.user = xstrdup(pw->pw_name);
+ 	 * Discard other fds that are hanging around. These can cause problem
- 
+ 	 * with backgrounded ssh processes started by ControlPersist.
-diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
+diff -up openssh-8.0p1/sshconnect2.c.fips openssh-8.0p1/sshconnect2.c
--- openssh-7.7p1/sshconnect2.c.fips	2018-08-08 10:08:40.786719670 +0200
+--- openssh-8.0p1/sshconnect2.c.fips	2019-07-23 14:55:45.336525743 +0200
-+++ openssh-7.7p1/sshconnect2.c	2018-08-08 10:08:40.825719999 +0200
+++ openssh-8.0p1/sshconnect2.c	2019-07-23 14:55:45.403526421 +0200
@@ -44,6 +44,8 @@
 #include <vis.h>
 #endif
-+#include <openssl/fips.h>
+#include <openssl/crypto.h>
 +
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
-@@ -235,7 +237,8 @@ order_hostkeyalgs(char *host, struct soc
+@@ -198,29 +203,34 @@ ssh_kex2(struct ssh *ssh, char *host, st
 	for (i = 0; i < options.num_system_hostfiles; i++)
 		load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
-	oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
+ #if defined(GSSAPI) && defined(WITH_OPENSSL)
 +	oavail = avail = xstrdup((FIPS_mode()
 +	    ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
 	maxlen = strlen(avail) + 1;
 	first = xmalloc(maxlen);
 	last = xmalloc(maxlen);
@@ -290,21 +293,26 @@ ssh_kex2(char *host, struct sockaddr *ho
 #ifdef GSSAPI
 	if (options.gss_keyex) {
 -		/* Add the GSSAPI mechanisms currently supported on this
 -		 * client to the key exchange algorithm proposal */
-		orig = options.kex_algorithms;
+-		orig = myproposal[PROPOSAL_KEX_ALGS];
 -
-		if (options.gss_trust_dns)
+-		if (options.gss_server_identity)
-			gss_host = (char *)get_canonical_hostname(active_state, 1);
+-			gss_host = xstrdup(options.gss_server_identity);
 -		else if (options.gss_trust_dns)
 -			gss_host = remote_hostname(ssh);
 -		else
-			gss_host = host;
+-			gss_host = xstrdup(host);
 -
 -		gss = ssh_gssapi_client_mechanisms(gss_host,
 -		    options.gss_client_identity, options.gss_kex_algorithms);
 -		if (gss) {
 -			debug("Offering GSSAPI proposal: %s", gss);
-			xasprintf(&options.kex_algorithms,
+-			xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
 -			    "%s,%s", gss, orig);
 -
 -			/* If we've got GSSAPI algorithms, then we also support the
 -			 * 'null' hostkey, as a last resort */
 -			orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
 -			xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
 -			    "%s,null", orig);
 +		if (FIPS_mode()) {
 +			logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode");
 +			options.gss_keyex = 0;
 +		} else {
 +			/* Add the GSSAPI mechanisms currently supported on this
 +			 * client to the key exchange algorithm proposal */
-+			orig = options.kex_algorithms;
+			orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+			if (options.gss_trust_dns)
+			if (options.gss_server_identity)
-+				gss_host = (char *)get_canonical_hostname(active_state, 1);
+				gss_host = xstrdup(options.gss_server_identity);
 +			else if (options.gss_trust_dns)
 +				gss_host = remote_hostname(ssh);
 +			else
-+				gss_host = host;
+				gss_host = xstrdup(host);
 +
 +			gss = ssh_gssapi_client_mechanisms(gss_host,
 +			    options.gss_client_identity, options.gss_kex_algorithms);
 +			if (gss) {
 +				debug("Offering GSSAPI proposal: %s", gss);
-+				xasprintf(&options.kex_algorithms,
+				xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
 +				    "%s,%s", gss, orig);
 +
 +				/* If we've got GSSAPI algorithms, then we also support the
 +				 * 'null' hostkey, as a last resort */
 +				orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
 +				xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
 +				    "%s,null", orig);
 +			}
 		}
 	}
 #endif
-@@ -322,14 +330,16 @@ ssh_kex2(char *host, struct sockaddr *ho
+diff -up openssh-8.0p1/sshd.c.fips openssh-8.0p1/sshd.c
- 	if (options.hostkeyalgorithms != NULL) {
+--- openssh-8.0p1/sshd.c.fips	2019-07-23 14:55:45.398526371 +0200
- 		all_key = sshkey_alg_list(0, 0, 1, ',');
+++ openssh-8.0p1/sshd.c	2019-07-23 14:55:45.403526421 +0200
 		if (kex_assemble_names(&options.hostkeyalgorithms,
 -		    KEX_DEFAULT_PK_ALG, all_key) != 0)
 +		    (FIPS_mode() ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG),
 +		    all_key) != 0)
 			fatal("%s: kex_assemble_namelist", __func__);
 		free(all_key);
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
 		    compat_pkalg_proposal(options.hostkeyalgorithms);
 	} else {
 		/* Enforce default */
 -		options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
 +		options.hostkeyalgorithms = xstrdup((FIPS_mode()
 +		    ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
 		/* Prefer algorithms that we already have keys for */
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
 		    compat_pkalg_proposal(
 diff -up openssh-7.7p1/sshd.c.fips openssh-7.7p1/sshd.c
 --- openssh-7.7p1/sshd.c.fips	2018-08-08 10:08:40.818719940 +0200
 +++ openssh-7.7p1/sshd.c	2018-08-08 10:08:40.826720007 +0200
@@ -66,6 +66,7 @@
 #include <grp.h>
 #include <pwd.h>
@ -596,16 +398,16 @@ diff -up openssh-7.7p1/sshd.c.fips openssh-7.7p1/sshd.c
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
-+#include <openssl/fips.h>
+#include <openssl/crypto.h>
 +#include <fipscheck.h>
 #include "openbsd-compat/openssl-compat.h"
 #endif
-@@ -1534,6 +1537,18 @@ main(int ac, char **av)
+@@ -1529,6 +1532,18 @@ main(int ac, char **av)
 #endif
 	__progname = ssh_get_progname(av[0]);
-+        SSLeay_add_all_algorithms();
+	OpenSSL_add_all_algorithms();
 +	if (access("/etc/system-fips", F_OK) == 0)
 +		if (! FIPSCHECK_verify(NULL, NULL)) {
 +			openlog(__progname, LOG_PID, LOG_AUTHPRIV);
@ -620,27 +422,18 @@ diff -up openssh-7.7p1/sshd.c.fips openssh-7.7p1/sshd.c
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
 	rexec_argc = ac;
-@@ -1675,7 +1690,7 @@ main(int ac, char **av)
+@@ -1992,6 +2007,10 @@ main(int ac, char **av)
 	else
 		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
 -#ifdef WITH_OPENSSL
 +#if 0 /* FIPS */
 	OpenSSL_add_all_algorithms();
 #endif
@@ -1979,6 +1994,10 @@ main(int ac, char **av)
 	/* Reinitialize the log (because of the fork above). */
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
 +	if (FIPS_mode()) {
-+		logit("FIPS mode initialized");
+		debug("FIPS mode initialized");
 +	}
 +
 	/* Chdir to the root directory so that the current disk can be
 	   unmounted if desired. */
 	if (chdir("/") == -1)
-@@ -2359,10 +2378,14 @@ do_ssh2_kex(void)
+@@ -2382,10 +2401,14 @@ do_ssh2_kex(struct ssh *ssh)
 	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
 		orig = NULL;
@ -659,26 +452,26 @@ diff -up openssh-7.7p1/sshd.c.fips openssh-7.7p1/sshd.c
 	if (gss && orig)
 		xasprintf(&newstr, "%s,%s", gss, orig);
-diff -up openssh-7.7p1/sshkey.c.fips openssh-7.7p1/sshkey.c
+diff -up openssh-8.0p1/sshkey.c.fips openssh-8.0p1/sshkey.c
--- openssh-7.7p1/sshkey.c.fips	2018-08-08 10:08:40.818719940 +0200
+--- openssh-8.0p1/sshkey.c.fips	2019-07-23 14:55:45.398526371 +0200
-+++ openssh-7.7p1/sshkey.c	2018-08-08 10:08:40.826720007 +0200
+++ openssh-8.0p1/sshkey.c	2019-07-23 14:55:45.404526431 +0200
@@ -34,6 +34,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-+#include <openssl/fips.h>
+#include <openssl/crypto.h>
 #endif
 #include "crypto_api.h"
@@ -57,6 +58,7 @@
 #define SSHKEY_INTERNAL
 #include "sshkey.h"
 #include "sshkey-xmss.h"
 #include "match.h"
 +#include "log.h"
 #include "ssh-sk.h"
- #include "xmss_fast.h"
+ #ifdef WITH_XMSS
- 
+@@ -1591,6 +1593,8 @@ rsa_generate_private_key(u_int bits, RSA
@@ -1526,6 +1528,8 @@ rsa_generate_private_key(u_int bits, RSA
 	}
 	if (!BN_set_word(f4, RSA_F4) ||
 	    !RSA_generate_key_ex(private, bits, f4, NULL)) {
@ -687,13 +480,13 @@ diff -up openssh-7.7p1/sshkey.c.fips openssh-7.7p1/sshkey.c
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
-diff -up openssh-7.7p1/ssh-keygen.c.fips openssh-7.7p1/ssh-keygen.c
+diff -up openssh-8.0p1/ssh-keygen.c.fips openssh-8.0p1/ssh-keygen.c
--- openssh-7.7p1/ssh-keygen.c.fips	2018-08-08 10:08:40.801719797 +0200
+--- openssh-8.0p1/ssh-keygen.c.fips	2019-07-23 14:55:45.391526300 +0200
-+++ openssh-7.7p1/ssh-keygen.c	2018-08-08 10:08:40.827720016 +0200
+++ openssh-8.0p1/ssh-keygen.c	2019-07-23 14:57:54.118830056 +0200
-@@ -229,6 +229,12 @@ type_bits_valid(int type, const char *na
+@@ -199,6 +199,12 @@ type_bits_valid(int type, const char *na
- 	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
+ #endif
- 	if (*bitsp > maxbits)
+ 	}
- 		fatal("key bits exceeds maximum %d", maxbits);
+ #ifdef WITH_OPENSSL
 +	if (FIPS_mode()) {
 +		if (type == KEY_DSA)
 +			fatal("DSA keys are not allowed in FIPS mode");
@ -703,3 +496,22 @@ diff -up openssh-7.7p1/ssh-keygen.c.fips openssh-7.7p1/ssh-keygen.c
 	switch (type) {
 	case KEY_DSA:
 		if (*bitsp != 1024)
@@ -1029,9 +1035,17 @@ do_gen_all_hostkeys(struct passwd *pw)
 			first = 1;
 			printf("%s: generating new host keys: ", __progname);
 		}
 +		type = sshkey_type_from_name(key_types[i].key_type);
 +
 +		/* Skip the keys that are not supported in FIPS mode */
 +		if (FIPS_mode() && (type == KEY_DSA || type == KEY_ED25519)) {
 +			logit("Skipping %s key in FIPS mode",
 +			    key_types[i].key_type_display);
 +			goto next;
 +		}
 +
 		printf("%s ", key_types[i].key_type_display);
 		fflush(stdout);
 -		type = sshkey_type_from_name(key_types[i].key_type);
 		if ((fd = mkstemp(prv_tmp)) == -1) {
 			error("Could not save your public key in %s: %s",
 			    prv_tmp, strerror(errno));
--- a/openssh-7.7p1-gssapi-new-unique.patch
+++ b/openssh-7.7p1-gssapi-new-unique.patch
@ -84,7 +84,7 @@ index a5a81ed2..63f877f2 100644
 +			/* There is at least one other ccache in collection
 +			 * we can switch to */
 +			krb5_cc_switch(ctx, ccache);
-+		} else {
+		} else if (authctxt->krb5_ccname != NULL) {
 +			/* Clean up the collection too */
 +			strncpy(krb5_ccname, authctxt->krb5_ccname, sizeof(krb5_ccname) - 10);
 +			krb5_ccname_dir_start = strchr(krb5_ccname, ':') + 1;
@ -113,29 +113,12 @@ index a5a81ed2..63f877f2 100644
 	if (authctxt->krb5_user) {
 		krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
 		authctxt->krb5_user = NULL;
-@@ -237,36 +287,186 @@ krb5_cleanup_proc(Authctxt *authctxt)
+@@ -237,36 +281,188 @@ krb5_cleanup_proc(Authctxt *authctxt)
 	}
 }
 -#ifndef HEIMDAL
-krb5_error_code
+
 -ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
 -	int tmpfd, ret, oerrno;
 -	char ccname[40];
 -	mode_t old_umask;
 -	ret = snprintf(ccname, sizeof(ccname),
 -	    "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
 -	if (ret < 0 || (size_t)ret >= sizeof(ccname))
 -		return ENOMEM;
 -
 -	old_umask = umask(0177);
 -	tmpfd = mkstemp(ccname + strlen("FILE:"));
 -	oerrno = errno;
 -	umask(old_umask);
 -	if (tmpfd == -1) {
 -		logit("mkstemp(): %.100s", strerror(oerrno));
 -		return oerrno;
 +#if !defined(HEIMDAL)
 +int
 +ssh_asprintf_append(char **dsc, const char *fmt, ...) {
@ -195,14 +178,13 @@ index a5a81ed2..63f877f2 100644
 +			continue;
 +		} else {
 +			p_o = strchr(p_n, '}') + 1;
-+			p_o = '\0';
+			*p_o = '\0';
 +			debug("%s: unsupported token %s in %s", __func__, p_n, template);
 +			/* unknown token, fallback to the default */
 +			goto cleanup;
 +		}
- 	}
+	}
- 
+
 -	if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
 +	if (ssh_asprintf_append(&r, "%s", p_o) == -1)
 +		goto cleanup;
 +
@ -216,7 +198,10 @@ index a5a81ed2..63f877f2 100644
 +	return -1;
 +}
 +
-+krb5_error_code
+ krb5_error_code
 -ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
 -	int tmpfd, ret, oerrno;
 -	char ccname[40];
 +ssh_krb5_get_cctemplate(krb5_context ctx, char **ccname) {
 +	profile_t p;
 +	int ret = 0;
@ -241,14 +226,27 @@ index a5a81ed2..63f877f2 100644
 +ssh_krb5_cc_new_unique(krb5_context ctx, krb5_ccache *ccache, int *need_environment) {
 +	int tmpfd, ret, oerrno, type_len;
 +	char *ccname = NULL;
-+	mode_t old_umask;
+ 	mode_t old_umask;
 +	char *type = NULL, *colon = NULL;
-+
+ 
 -	ret = snprintf(ccname, sizeof(ccname),
 -	    "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
 -	if (ret < 0 || (size_t)ret >= sizeof(ccname))
 -		return ENOMEM;
 -
 -	old_umask = umask(0177);
 -	tmpfd = mkstemp(ccname + strlen("FILE:"));
 -	oerrno = errno;
 -	umask(old_umask);
 -	if (tmpfd == -1) {
 -		logit("mkstemp(): %.100s", strerror(oerrno));
 -		return oerrno;
 -	}
 +	debug3("%s: called", __func__);
 +	if (need_environment)
 +		*need_environment = 0;
 +	ret = ssh_krb5_get_cctemplate(ctx, &ccname);
-+	if (ret || !ccname || options.kerberos_unique_ticket) {
+	if (ret || !ccname || options.kerberos_unique_ccache) {
 +		/* Otherwise, go with the old method */
 +		if (ccname)
 +			free(ccname);
@ -258,7 +256,8 @@ index a5a81ed2..63f877f2 100644
 +		    "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
 +		if (ret < 0)
 +			return ENOMEM;
-+
+ 
 -	if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
 +		old_umask = umask(0177);
 +		tmpfd = mkstemp(ccname + strlen("FILE:"));
 		oerrno = errno;
@ -307,6 +306,7 @@ index a5a81ed2..63f877f2 100644
 +	if (krb5_cc_support_switch(ctx, type)) {
 +		debug3("%s: calling cc_new_unique(%s)", __func__, ccname);
 +		ret = krb5_cc_new_unique(ctx, type, NULL, ccache);
 +		free(type);
 +		if (ret)
 +			return ret;
 +
@ -317,6 +317,7 @@ index a5a81ed2..63f877f2 100644
 +		 * it is already unique from above or the type does not support
 +		 * collections
 +		 */
 +		free(type);
 +		debug3("%s: calling cc_resolve(%s)", __func__, ccname);
 +		return (krb5_cc_resolve(ctx, ccname, ccache));
 +	}
@ -335,19 +336,19 @@ index 29491df9..fdab5040 100644
 #endif
 	struct sshbuf	*loginmsg;
-@@ -243,6 +244,6 @@ int	 sys_auth_passwd(struct ssh *, const char *);
+@@ -238,7 +239,7 @@ int	 sys_auth_passwd(struct ssh *, const char *);
 int	 sys_auth_passwd(struct ssh *, const char *);
 #if defined(KRB5) && !defined(HEIMDAL)
 #include <krb5.h>
 -krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
 +krb5_error_code ssh_krb5_cc_new_unique(krb5_context, krb5_ccache *, int *);
 #endif
- #endif
+ 
-diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
+ #endif /* AUTH_H */
-index 795992d9..0623a107 100644
+diff -up openssh-7.9p1/gss-serv-krb5.c.ccache_name openssh-7.9p1/gss-serv-krb5.c
--- a/gss-serv-krb5.c
+--- openssh-7.9p1/gss-serv-krb5.c.ccache_name	2019-03-01 15:17:42.708611802 +0100
-+++ b/gss-serv-krb5.c
+++ openssh-7.9p1/gss-serv-krb5.c	2019-03-01 15:17:42.713611844 +0100
-@@ -114,7 +114,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
+@@ -267,7 +267,7 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
 /* This writes out any forwarded credentials from the structure populated
  * during userauth. Called after we have setuid to the user */
@ -356,12 +357,9 @@ index 795992d9..0623a107 100644
 ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
 {
 	krb5_ccache ccache;
-@@ -121,16 +121,17 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -276,14 +276,15 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 	krb5_error_code problem;
 	krb5_principal princ;
 	OM_uint32 maj_status, min_status;
-	const char *new_ccname, *new_cctype;
+ 	const char *new_ccname, *new_cctype;
 +	int len;
 	const char *errmsg;
 +	int set_env = 0;
@ -377,7 +375,7 @@ index 795992d9..0623a107 100644
 #ifdef HEIMDAL
 # ifdef HAVE_KRB5_CC_NEW_UNIQUE
-@@ -144,14 +145,14 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -297,14 +298,14 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 		krb5_get_err_text(krb_context, problem));
 # endif
 		krb5_free_error_message(krb_context, errmsg);
@ -396,7 +394,7 @@ index 795992d9..0623a107 100644
 	}
 #endif	/* #ifdef HEIMDAL */
-@@ -160,7 +161,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -313,7 +314,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 		errmsg = krb5_get_error_message(krb_context, problem);
 		logit("krb5_parse_name(): %.100s", errmsg);
 		krb5_free_error_message(krb_context, errmsg);
@ -405,7 +403,7 @@ index 795992d9..0623a107 100644
 	}
 	if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
-@@ -169,7 +170,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -322,7 +323,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 		krb5_free_error_message(krb_context, errmsg);
 		krb5_free_principal(krb_context, princ);
 		krb5_cc_destroy(krb_context, ccache);
@ -414,7 +412,7 @@ index 795992d9..0623a107 100644
 	}
 	krb5_free_principal(krb_context, princ);
-@@ -178,37 +179,27 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -331,32 +332,21 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 	    client->creds, ccache))) {
 		logit("gss_krb5_copy_ccache() failed");
 		krb5_cc_destroy(krb_context, ccache);
@ -422,30 +420,29 @@ index 795992d9..0623a107 100644
 +		return 0;
 	}
-	new_cctype = krb5_cc_get_type(krb_context, ccache);
+ 	new_cctype = krb5_cc_get_type(krb_context, ccache);
-	new_ccname = krb5_cc_get_name(krb_context, ccache);
+ 	new_ccname = krb5_cc_get_name(krb_context, ccache);
 -
 -	client->store.envvar = "KRB5CCNAME";
 -#ifdef USE_CCAPI
 -	xasprintf(&client->store.envval, "API:%s", new_ccname);
 -	client->store.filename = NULL;
 -#else
 -	if (new_ccname[0] == ':')
 -		new_ccname++;
-	xasprintf(&client->store.envval, "%s:%s", new_cctype, new_ccname);
+ 	xasprintf(&client->store.envval, "%s:%s", new_cctype, new_ccname);
 -	if (strcmp(new_cctype, "DIR") == 0) {
 -		char *p;
 -		p = strrchr(client->store.envval, '/');
 -		if (p)
 -			*p = '\0';
-	}
+
 -#endif
 +	if (set_env) {
 +		const char *filename = krb5_cc_get_name(krb_context, ccache);
 +		client->store.envvar = "KRB5CCNAME";
-+		len = strlen(filename) + 6;
+ 	}
-+		client->store.envval = xmalloc(len);
+ 	if ((strcmp(new_cctype, "FILE") == 0) || (strcmp(new_cctype, "DIR") == 0))
-+		snprintf(client->store.envval, len, "FILE:%s", filename);
+ 		client->store.filename = xstrdup(new_ccname);
-+	}
+-#endif
 #ifdef USE_PAM
 -	if (options.use_pam)
@ -453,7 +450,7 @@ index 795992d9..0623a107 100644
 		do_pam_putenv(client->store.envvar, client->store.envval);
 #endif
- 	krb5_cc_close(krb_context, ccache);
+@@ -361,7 +355,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 	client->store.data = krb_context;
@ -484,15 +481,25 @@ index 6cae720e..16e55cbc 100644
 }
 /* This allows GSSAPI methods to do things to the childs environment based
-diff --git a/servconf.c b/servconf.c
+@@ -498,9 +500,7 @@ ssh_gssapi_rekey_creds() {
-index cb578658..a6e01df2 100644
+ 	char *envstr;
--- a/servconf.c
+ #endif
-+++ b/servconf.c
+ 
-@@ -122,6 +122,7 @@ initialize_server_options(ServerOptions *options)
+-	if (gssapi_client.store.filename == NULL &&
 -	    gssapi_client.store.envval == NULL &&
 -	    gssapi_client.store.envvar == NULL)
 +	if (gssapi_client.store.envval == NULL)
 		return;
 	ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store));
 diff -up openssh-7.9p1/servconf.c.ccache_name openssh-7.9p1/servconf.c
 --- openssh-7.9p1/servconf.c.ccache_name	2019-03-01 15:17:42.704611768 +0100
 +++ openssh-7.9p1/servconf.c	2019-03-01 15:17:42.713611844 +0100
@@ -123,6 +123,7 @@ initialize_server_options(ServerOptions
 	options->kerberos_or_local_passwd = -1;
 	options->kerberos_ticket_cleanup = -1;
 	options->kerberos_get_afs_token = -1;
-+	options->kerberos_unique_ticket = -1;
+	options->kerberos_unique_ccache = -1;
 	options->gss_authentication=-1;
 	options->gss_keyex = -1;
 	options->gss_cleanup_creds = -1;
@ -500,8 +507,8 @@ index cb578658..a6e01df2 100644
 		options->kerberos_ticket_cleanup = 1;
 	if (options->kerberos_get_afs_token == -1)
 		options->kerberos_get_afs_token = 0;
-+	if (options->kerberos_unique_ticket == -1)
+	if (options->kerberos_unique_ccache == -1)
-+		options->kerberos_unique_ticket = 0;
+		options->kerberos_unique_ccache = 0;
 	if (options->gss_authentication == -1)
 		options->gss_authentication = 0;
 	if (options->gss_keyex == -1)
@ -510,7 +517,7 @@ index cb578658..a6e01df2 100644
 	sRhostsRSAAuthentication, sRSAAuthentication,
 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
 -	sKerberosGetAFSToken, sChallengeResponseAuthentication,
-+	sKerberosGetAFSToken, sKerberosUniqueTicket,
+	sKerberosGetAFSToken, sKerberosUniqueCCache,
 +	sChallengeResponseAuthentication,
 	sPasswordAuthentication, sKbdInteractiveAuthentication,
 	sListenAddress, sAddressFamily,
@ -519,13 +526,13 @@ index cb578658..a6e01df2 100644
 #else
 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
 #endif
-+	{ "kerberosuniqueticket", sKerberosUniqueTicket, SSHCFG_GLOBAL },
+	{ "kerberosuniqueccache", sKerberosUniqueCCache, SSHCFG_GLOBAL },
 #else
 	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
 	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
 	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
-+	{ "kerberosuniqueticket", sUnsupported, SSHCFG_GLOBAL },
+	{ "kerberosuniqueccache", sUnsupported, SSHCFG_GLOBAL },
 #endif
 	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
@ -533,8 +540,8 @@ index cb578658..a6e01df2 100644
 		intptr = &options->kerberos_get_afs_token;
 		goto parse_flag;
-+	case sKerberosUniqueTicket:
+	case sKerberosUniqueCCache:
-+		intptr = &options->kerberos_unique_ticket;
+		intptr = &options->kerberos_unique_ccache;
 +		goto parse_flag;
 +
 	case sGssAuthentication:
@ -544,7 +551,7 @@ index cb578658..a6e01df2 100644
 # ifdef USE_AFS
 	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
 # endif
-+	dump_cfg_fmtint(sKerberosUniqueTicket, o->kerberos_unique_ticket);
+	dump_cfg_fmtint(sKerberosUniqueCCache, o->kerberos_unique_ccache);
 #endif
 #ifdef GSSAPI
 	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@ -556,7 +563,7 @@ index db8362c6..4fa42d64 100644
 						 * file on logout. */
 	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
 						 * authenticated with Kerberos. */
-+	int     kerberos_unique_ticket;		/* If true, the aquired ticket will
+	int     kerberos_unique_ccache;		/* If true, the acquired ticket will
 +						 * be stored in per-session ccache */
 	int     gss_authentication;	/* If true, permit GSSAPI authentication */
 	int     gss_keyex;		/* If true, permit GSSAPI key exchange */
@ -588,14 +595,6 @@ diff --git a/ssh-gss.h b/ssh-gss.h
 index 6593e422..245178af 100644
 --- a/ssh-gss.h
 +++ b/ssh-gss.h
@@ -62,7 +62,6 @@
 #define KEX_GSS_GEX_SHA1_ID				"gss-gex-sha1-"
 typedef struct {
 -	char *filename;
 	char *envvar;
 	char *envval;
 	struct passwd *owner;
@@ -83,7 +82,7 @@ typedef struct ssh_gssapi_mech_struct {
 	int (*dochild) (ssh_gssapi_client *);
 	int (*userok) (ssh_gssapi_client *, char *);
@ -631,16 +630,18 @@ diff --git a/sshd_config.5 b/sshd_config.5
 index c0683d4a..2349f477 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -860,6 +860,12 @@ Specifies whether to automatically destroy the user's ticket cache
+@@ -860,6 +860,14 @@ Specifies whether to automatically destroy the user's ticket cache
 file on logout.
 The default is
 .Cm yes .
-+.It Cm KerberosUniqueTicket
+.It Cm KerberosUniqueCCache
-+Specifies whether to store the aquired tickets in the per-session credential
+Specifies whether to store the acquired tickets in the per-session credential
-+cache or whether to use per-user credential cache, which might overwrite
+cache under /tmp/ or whether to use per-user credential cache as configured in
-+tickets aquired in different sessions of the same user.
+.Pa /etc/krb5.conf .
-+The default is
+The default value
-+.Cm no .
+.Cm no
 +can lead to overwriting previous tickets by subseqent connections to the same
 +user account.
 .It Cm KexAlgorithms
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
--- a/openssh-7.7p1.patch
+++ b/openssh-7.7p1.patch
@ -1,7 +1,7 @@
-diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
+diff -up openssh/ssh_config.redhat openssh/ssh_config
--- openssh-7.7p1/ssh_config.redhat	2018-04-02 07:38:28.000000000 +0200
+--- openssh/ssh_config.redhat	2020-02-11 23:28:35.000000000 +0100
-+++ openssh-7.7p1/ssh_config	2018-07-03 10:44:06.522245125 +0200
+++ openssh/ssh_config	2020-02-13 18:13:39.180641839 +0100
-@@ -44,3 +44,7 @@
+@@ -43,3 +43,7 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
@ -9,18 +9,16 @@ diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
 +# To modify the system-wide ssh configuration, create a  *.conf  file under
 +#  /etc/ssh/ssh_config.d/  which will be automatically included below
 +Include /etc/ssh/ssh_config.d/*.conf
-diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat
+diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat
--- openssh-7.7p1/ssh_config_redhat.redhat	2018-07-03 10:44:06.522245125 +0200
+--- openssh/ssh_config_redhat.redhat	2020-02-13 18:13:39.180641839 +0100
-+++ openssh-7.7p1/ssh_config_redhat	2018-07-03 10:44:06.522245125 +0200
+++ openssh/ssh_config_redhat	2020-02-13 18:13:39.180641839 +0100
-@@ -0,0 +1,20 @@
+@@ -0,0 +1,21 @@
-+# Follow system-wide Crypto Policy, if defined:
+# The options here are in the "Match final block" to be applied as the last
-+Include /etc/crypto-policies/back-ends/openssh.config
+# options and could be potentially overwritten by the user configuration
 +Match final all
 +	# Follow system-wide Crypto Policy, if defined:
 +	Include /etc/crypto-policies/back-ends/openssh.config
 +
 +# Uncomment this if you want to use .local domain
 +# Host *.local
 +#   CheckHostIP no
 +
 +Host *
 +	GSSAPIAuthentication yes
 +
 +# If this option is set to yes then remote X11 clients will have full access
@ -33,10 +31,13 @@ diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat
 +	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 +	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 +	SendEnv XMODIFIERS
-diff -up openssh-7.7p1/sshd_config.0.redhat openssh-7.7p1/sshd_config.0
+
--- openssh-7.7p1/sshd_config.0.redhat	2018-04-02 07:39:27.000000000 +0200
+# Uncomment this if you want to use .local domain
-+++ openssh-7.7p1/sshd_config.0	2018-07-03 10:44:06.523245133 +0200
+# Host *.local
-@@ -872,9 +872,9 @@ DESCRIPTION
+diff -up openssh/sshd_config.0.redhat openssh/sshd_config.0
 --- openssh/sshd_config.0.redhat	2020-02-12 14:30:04.000000000 +0100
 +++ openssh/sshd_config.0	2020-02-13 18:13:39.181641855 +0100
@@ -970,9 +970,9 @@ DESCRIPTION
      SyslogFacility
              Gives the facility code that is used when logging messages from
@ -49,10 +50,10 @@ diff -up openssh-7.7p1/sshd_config.0.redhat openssh-7.7p1/sshd_config.0
      TCPKeepAlive
              Specifies whether the system should send TCP keepalive messages
-diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
+diff -up openssh/sshd_config.5.redhat openssh/sshd_config.5
--- openssh-7.7p1/sshd_config.5.redhat	2018-04-02 07:38:28.000000000 +0200
+--- openssh/sshd_config.5.redhat	2020-02-11 23:28:35.000000000 +0100
-+++ openssh-7.7p1/sshd_config.5	2018-07-03 10:44:06.523245133 +0200
+++ openssh/sshd_config.5	2020-02-13 18:13:39.181641855 +0100
-@@ -1461,7 +1461,7 @@ By default no subsystems are defined.
+@@ -1614,7 +1614,7 @@ By default no subsystems are defined.
 .It Cm SyslogFacility
 Gives the facility code that is used when logging messages from
 .Xr sshd 8 .
@ -61,10 +62,10 @@ diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
 .It Cm TCPKeepAlive
-diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
+diff -up openssh/sshd_config.redhat openssh/sshd_config
--- openssh-7.7p1/sshd_config.redhat	2018-04-02 07:38:28.000000000 +0200
+--- openssh/sshd_config.redhat	2020-02-11 23:28:35.000000000 +0100
-+++ openssh-7.7p1/sshd_config	2018-07-03 10:45:16.950782466 +0200
+++ openssh/sshd_config	2020-02-13 18:20:16.349913681 +0100
-@@ -10,20 +10,34 @@
+@@ -10,6 +10,10 @@
 # possible, but leave them commented.  Uncommented options override the
 # default value.
@ -75,18 +76,18 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 #Port 22
 #AddressFamily any
 #ListenAddress 0.0.0.0
- #ListenAddress ::
+@@ -114,3 +118,7 @@ Subsystem	sftp	/usr/libexec/sftp-server
- 
+ #	AllowTcpForwarding no
-#HostKey /etc/ssh/ssh_host_rsa_key
+ #	PermitTTY no
-#HostKey /etc/ssh/ssh_host_ecdsa_key
+ #	ForceCommand cvs server
-#HostKey /etc/ssh/ssh_host_ed25519_key
+
-+HostKey /etc/ssh/ssh_host_rsa_key
+# To modify the system-wide ssh configuration, create a  *.conf  file under
-+HostKey /etc/ssh/ssh_host_ecdsa_key
+#  /etc/ssh/sshd_config.d/  which will be automatically included below
-+HostKey /etc/ssh/ssh_host_ed25519_key
+Include /etc/ssh/sshd_config.d/*.conf
- 
+diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
- # Ciphers and keying
+--- openssh/sshd_config_redhat.redhat	2020-02-13 18:14:02.268006439 +0100
- #RekeyLimit default none
+++ openssh/sshd_config_redhat	2020-02-13 18:19:20.765035947 +0100
- 
+@@ -0,0 +1,31 @@
 +# System-wide Crypto policy:
 +# This system is following system-wide crypto policy. The changes to
 +# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
@ -96,69 +97,25 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 +# variable in  /etc/sysconfig/sshd  to overwrite the policy.
 +# For more information, see manual page for update-crypto-policies(8).
 +
 # Logging
 #SyslogFacility AUTH
 +SyslogFacility AUTHPRIV
- #LogLevel INFO
+
 # Authentication:
@@ -56,9 +70,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 +PasswordAuthentication yes
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
 +ChallengeResponseAuthentication no
- 
+
 # Kerberos options
 #KerberosAuthentication no
@@ -67,8 +83,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #KerberosGetAFSToken no
 # GSSAPI options
 -#GSSAPIAuthentication no
 -#GSSAPICleanupCredentials yes
 +GSSAPIAuthentication yes
 +GSSAPICleanupCredentials no
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
@@ -79,16 +95,20 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 -#UsePAM no
 +UsePAM yes
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 -#X11Forwarding no
 +X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
 -#PrintMotd yes
 +
-+# It is recommended to use pam_motd in /etc/pam.d/ssh instead of PrintMotd,
+UsePAM yes
 +
 +X11Forwarding yes
 +
 +# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
 +# as it is more configurable and versatile than the built-in version.
 +PrintMotd no
 +
 #PrintLastLog yes
 #TCPKeepAlive yes
 #PermitUserEnvironment no
@@ -106,6 +126,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # no default banner path
 #Banner none
 +# Accept locale-related environment variables
 +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
 +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 +AcceptEnv XMODIFIERS
 +
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
--- a/openssh-7.8p1-UsePAM-warning.patch
+++ b/openssh-7.8p1-UsePAM-warning.patch
@ -3,15 +3,15 @@ diff --git a/sshd.c b/sshd.c
 +++ b/sshd.c
@@ -1701,6 +1701,10 @@ main(int ac, char **av)
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
- 	    cfg, NULL);
+ 	    cfg, &includes, NULL);
 +	/* 'UsePAM no' is not supported in Fedora */
 +	if (! options.use_pam)
 +		logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.");
 +
 	seed_rng();
 	/* Fill in default values for those options not explicitly set. */
 	fill_default_server_options(&options);
 diff --git a/sshd_config b/sshd_config
 --- a/sshd_config
 +++ b/sshd_config
@ -21,6 +21,6 @@ diff --git a/sshd_config b/sshd_config
 # and ChallengeResponseAuthentication to 'no'.
 +# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
 +# problems.
- UsePAM yes
+ #UsePAM no
 #AllowAgentForwarding yes
--- a/openssh-7.8p1-gsskex.patch
+++ b/openssh-7.8p1-gsskex.patch
--- a/openssh-7.8p1-ip-port-config-parser.patch
+++ b/openssh-7.8p1-ip-port-config-parser.patch
@ -1,72 +0,0 @@
 diff -up openssh/misc.c.config openssh/misc.c
 --- openssh/misc.c.config	2018-08-22 13:58:54.922807799 +0200
 +++ openssh/misc.c	2018-08-22 13:58:55.000808428 +0200
@@ -485,7 +485,7 @@ put_host_port(const char *host, u_short
  * The delimiter char, if present, is stored in delim.
  * If this is the last field, *cp is set to NULL.
  */
 -static char *
 +char *
 hpdelim2(char **cp, char *delim)
 {
 	char *s, *old;
 diff -up openssh/misc.h.config openssh/misc.h
 --- openssh/misc.h.config	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/misc.h	2018-08-22 13:58:55.001808436 +0200
@@ -54,6 +54,7 @@ int	 set_rdomain(int, const char *);
 int	 a2port(const char *);
 int	 a2tun(const char *, int *);
 char	*put_host_port(const char *, u_short);
 +char	*hpdelim2(char **, char *);
 char	*hpdelim(char **);
 char	*cleanhostname(char *);
 char	*colon(char *);
 diff -up openssh/servconf.c.config openssh/servconf.c
 --- openssh/servconf.c.config	2018-08-22 13:58:54.989808340 +0200
 +++ openssh/servconf.c	2018-08-22 14:18:49.235443937 +0200
@@ -886,7 +886,7 @@ process_permitopen_list(struct ssh *ssh,
 {
 	u_int i;
 	int port;
 -	char *host, *arg, *oarg;
 +	char *host, *arg, *oarg, ch;
 	int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
 	const char *what = lookup_opcode_name(opcode);
@@ -904,8 +904,8 @@ process_permitopen_list(struct ssh *ssh,
 	/* Otherwise treat it as a list of permitted host:port */
 	for (i = 0; i < num_opens; i++) {
 		oarg = arg = xstrdup(opens[i]);
 -		host = hpdelim(&arg);
 -		if (host == NULL)
 +		host = hpdelim2(&arg, &ch);
 +		if (host == NULL || ch == '/')
 			fatal("%s: missing host in %s", __func__, what);
 		host = cleanhostname(host);
 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1323,8 +1323,10 @@ process_server_config_line(ServerOptions
 			port = 0;
 			p = arg;
 		} else {
 -			p = hpdelim(&arg);
 -			if (p == NULL)
 +			char ch;
 +			arg2 = NULL;
 +			p = hpdelim2(&arg, &ch);
 +			if (p == NULL || ch == '/')
 				fatal("%s line %d: bad address:port usage",
 				    filename, linenum);
 			p = cleanhostname(p);
@@ -1965,9 +1967,10 @@ process_server_config_line(ServerOptions
 				 */
 				xasprintf(&arg2, "*:%s", arg);
 			} else {
 +				char ch;
 				arg2 = xstrdup(arg);
 -				p = hpdelim(&arg);
 -				if (p == NULL) {
 +				p = hpdelim2(&arg, &ch);
 +				if (p == NULL || ch == '/') {
 					fatal("%s line %d: missing host in %s",
 					    filename, linenum,
 					    lookup_opcode_name(opcode));
--- a/openssh-7.8p1-role-mls.patch
+++ b/openssh-7.8p1-role-mls.patch
@ -4,11 +4,11 @@ diff -up openssh/auth2.c.role-mls openssh/auth2.c
@@ -256,6 +256,9 @@ input_userauth_request(int type, u_int32
 	Authctxt *authctxt = ssh->authctxt;
 	Authmethod *m = NULL;
- 	char *user, *service, *method, *style = NULL;
+ 	char *user = NULL, *service = NULL, *method = NULL, *style = NULL;
 +#ifdef WITH_SELINUX
 +	char *role = NULL;
 +#endif
- 	int authenticated = 0;
+ 	int r, authenticated = 0;
 	double tstart = monotime_double();
@@ -268,6 +271,11 @@ input_userauth_request(int type, u_int32
@ -37,9 +37,9 @@ diff -up openssh/auth2.c.role-mls openssh/auth2.c
 +			mm_inform_authrole(role);
 +#endif
 +		}
- 		userauth_banner();
+ 		userauth_banner(ssh);
 		if (auth2_setup_methods_lists(authctxt) != 0)
- 			packet_disconnect("no authentication methods enabled");
+ 			ssh_packet_disconnect(ssh,
 diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
 --- openssh/auth2-gss.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/auth2-gss.c	2018-08-22 11:15:42.459799171 +0200
@ -57,7 +57,7 @@ diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
 	mic.length = len;
 -	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
 +#ifdef WITH_SELINUX
-+	if (authctxt->role && (strlen(authctxt->role) > 0))
+	if (authctxt->role && authctxt->role[0] != 0)
 +		xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
 +	else
 +#endif
@ -141,7 +141,7 @@ diff -up openssh/auth-pam.c.role-mls openssh/auth-pam.c
 +do_pam_putenv(char *name, const char *value)
 {
 	int ret = 1;
- #ifdef HAVE_PAM_PUTENV
+ 	char *compound;
 diff -up openssh/auth-pam.h.role-mls openssh/auth-pam.h
 --- openssh/auth-pam.h.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/auth-pam.h	2018-08-22 11:14:56.817430932 +0200
@ -197,15 +197,15 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
 --- openssh/monitor.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/monitor.c	2018-08-22 11:19:56.006844867 +0200
@@ -115,6 +115,9 @@ int mm_answer_sign(int, struct sshbuf *)
- int mm_answer_pwnamallow(int, struct sshbuf *);
+ int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
- int mm_answer_auth2_read_banner(int, struct sshbuf *);
+ int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
- int mm_answer_authserv(int, struct sshbuf *);
+ int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
 +#ifdef WITH_SELINUX
-+int mm_answer_authrole(int, struct sshbuf *);
+int mm_answer_authrole(struct ssh *, int, struct sshbuf *);
 +#endif
- int mm_answer_authpassword(int, struct sshbuf *);
+ int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
- int mm_answer_bsdauthquery(int, struct sshbuf *);
+ int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
- int mm_answer_bsdauthrespond(int, struct sshbuf *);
+ int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
@@ -189,6 +192,9 @@ struct mon_table mon_dispatch_proto20[]
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
@ -227,12 +227,12 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
 #ifdef USE_PAM
@@ -842,6 +851,26 @@ mm_answer_authserv(int sock, struct sshb
- 	return (0);
+ 	return found;
 }
 +#ifdef WITH_SELINUX
 +int
-+mm_answer_authrole(int sock, struct sshbuf *m)
+mm_answer_authrole(struct ssh *ssh, int sock, struct sshbuf *m)
 +{
 +	int r;
 +	monitor_permit_authentications(1);
@ -251,7 +251,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
 +#endif
 +
 int
- mm_answer_authpassword(int sock, struct sshbuf *m)
+ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
 {
@@ -1218,7 +1247,7 @@ monitor_valid_userblob(u_char *data, u_i
 {
@ -338,13 +338,13 @@ diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h
 --- openssh/monitor_wrap.h.role-mls	2018-08-22 11:14:56.818430941 +0200
 +++ openssh/monitor_wrap.h	2018-08-22 11:22:10.439929513 +0200
@@ -44,6 +44,9 @@ DH *mm_choose_dh(int, int, int);
- int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
+ int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
-     const char *, u_int compat);
+     const u_char *, size_t, const char *, const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
 +#ifdef WITH_SELINUX
 +void mm_inform_authrole(char *);
 +#endif
- struct passwd *mm_getpwnamallow(const char *);
+ struct passwd *mm_getpwnamallow(struct ssh *, const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Makefile.in
@ -359,7 +359,7 @@ diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Make
 +	port-linux-sshd.o
 .c.o:
- 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+ 	$(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $<
 diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/port-linux.c
 --- openssh/openbsd-compat/port-linux.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/openbsd-compat/port-linux.c	2018-08-22 11:14:56.819430949 +0200
--- a/openssh-7.8p1.tar.gz
+++ b/openssh-7.8p1.tar.gz
--- a/openssh-7.8p1.tar.gz.asc
+++ b/openssh-7.8p1.tar.gz.asc
@ -1,14 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlt+Xa8ACgkQ0+X1a22S
 DTAJPwx9HIW/obxNJYTU7M8trpalBekdl1SqUjxdDwInIsKTLSOpJCsnynBai/3c
 SuvZkBwcKwZZFe+xCvRQDHkf/YYLT+d7slUQolb0OJmzFKbvu6xwuv7q12ag9hQj
 /8BUfdYRKb63uemfKuVAHfcnUm9WlwSbif+Au/j1yg/MlETY47ezYA9/q75wignx
 3g38JVHVgKDenDd8o9/hgjeQpEHKNdCQo71nN2h3MYRlh4xrR9ENZj7y8x65Kp1j
 WoZEhlvjYkka4deSGwj2MIAJnzsc39uppEoEjkB7F9SUo4O7CxbWFein70Ct7Xbs
 VDWXQibnJGHKatHIecaPLUYexGWO1XYNZErDhY7fPw0ChfMGbz3+0eDfDJqGY49r
 Lo6wzsrgv2kDJMqwciT/D/Zb3ocHnCrq1Isnz/Ug2lW58LMk7Y1HisPteZFQ/pkC
 xKeO+K1RkaRUSCrB5iToqF+7i8eRNVROYmkKLgKcMrC0WYEjnbEoFdr4bktAS9QM
 BS6aIsh2cyg2H0FjDKmYvcKOUf0IgA==
 =ZiYm
 -----END PGP SIGNATURE-----
--- a/openssh-7.9p1-ssh-copy-id.patch
+++ b/openssh-7.9p1-ssh-copy-id.patch
@ -0,0 +1,31 @@
 diff -up openssh-7.9p1/contrib/ssh-copy-id.ssh-copy-id openssh-7.9p1/contrib/ssh-copy-id
 --- openssh-7.9p1/contrib/ssh-copy-id.ssh-copy-id	2018-10-17 02:01:20.000000000 +0200
 +++ openssh-7.9p1/contrib/ssh-copy-id	2019-01-23 20:49:30.513393667 +0100
@@ -112,7 +112,8 @@ do
         usage
   }
 -  OPT= OPTARG=
 +  OPT=
 +  OPTARG=
   # implement something like getopt to avoid Solaris pain
   case "$1" in
     -i?*|-o?*|-p?*)
@@ -261,7 +262,7 @@ populate_new_ids() {
   fi
   if [ -z "$NEW_IDS" ] ; then
     printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2
 -    printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2
 +    printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' >&2
     exit 0
   fi
   printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
@@ -296,7 +297,7 @@ case "$REMOTE_VERSION" in
     # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
     #     'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh.
     [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
 -      ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys ; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
 +      ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys || exit 1; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
       || exit 1
     ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
     ;;
--- a/openssh-8.0p1-crypto-policies.patch
+++ b/openssh-8.0p1-crypto-policies.patch
@ -0,0 +1,267 @@
 diff -up openssh/ssh_config.5.crypto-policies openssh/ssh_config.5
 --- openssh/ssh_config.5.crypto-policies	2020-02-07 15:05:55.665451715 +0100
 +++ openssh/ssh_config.5	2020-02-07 15:07:11.632641922 +0100
@@ -361,15 +361,15 @@ domains.
 .It Cm CASignatureAlgorithms
 Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
 -The default is:
 -.Bd -literal -offset indent
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 -.Pp
 .Xr ssh 1
 will not accept host certificates signed using algorithms other than those
 specified.
 +.Pp
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 .It Cm CertificateFile
 Specifies a file from which the user's certificate is read.
 A corresponding private key must be provided separately in order
@@ -453,12 +453,10 @@ aes256-gcm@openssh.com
 chacha20-poly1305@openssh.com
 .Ed
 .Pp
 -The default is:
 -.Bd -literal -offset indent
 -chacha20-poly1305@openssh.com,
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available ciphers may also be obtained using
 .Qq ssh -Q cipher .
@@ -824,8 +822,10 @@ gss-nistp256-sha256-,
 gss-curve25519-sha256-
 .Ed
 .Pp
 -The default is
 -.Dq gss-gex-sha1-,gss-group14-sha1- .
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HashKnownHosts
 Indicates that
@@ -1162,15 +1162,10 @@ If the specified list begins with a
 .Sq ^
 character, then the specified methods will be placed at the head of the
 default set.
 -The default is:
 -.Bd -literal -offset indent
 -curve25519-sha256,curve25519-sha256@libssh.org,
 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 -diffie-hellman-group-exchange-sha256,
 -diffie-hellman-group16-sha512,
 -diffie-hellman-group18-sha512,
 -diffie-hellman-group14-sha256
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
@@ -1252,14 +1247,10 @@ The algorithms that contain
 calculate the MAC after encryption (encrypt-then-mac).
 These are considered safer and their use recommended.
 .Pp
 -The default is:
 -.Bd -literal -offset indent
 -umac-64-etm@openssh.com,umac-128-etm@openssh.com,
 -hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
 -hmac-sha1-etm@openssh.com,
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available MAC algorithms may also be obtained using
 .Qq ssh -Q mac .
@@ -1407,22 +1398,10 @@ If the specified list begins with a
 .Sq ^
 character, then the specified key types will be placed at the head of the
 default set.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
 -sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 -ssh-ed25519-cert-v01@openssh.com,
 -sk-ssh-ed25519-cert-v01@openssh.com,
 -rsa-sha2-512-cert-v01@openssh.com,
 -rsa-sha2-256-cert-v01@openssh.com,
 -ssh-rsa-cert-v01@openssh.com,
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -sk-ecdsa-sha2-nistp256@openssh.com,
 -ssh-ed25519,sk-ssh-ed25519@openssh.com,
 -rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q PubkeyAcceptedKeyTypes .
 diff -up openssh/sshd_config.5.crypto-policies openssh/sshd_config.5
 --- openssh/sshd_config.5.crypto-policies	2020-02-07 15:05:55.639451308 +0100
 +++ openssh/sshd_config.5	2020-02-07 15:05:55.672451825 +0100
@@ -377,14 +377,14 @@ By default, no banner is displayed.
 .It Cm CASignatureAlgorithms
 Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
 -The default is:
 -.Bd -literal -offset indent
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 -.Pp
 Certificates signed using other algorithms will not be accepted for
 public key or host-based authentication.
 +.Pp
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via
 PAM or through authentication styles supported in
@@ -486,12 +486,10 @@ aes256-gcm@openssh.com
 chacha20-poly1305@openssh.com
 .El
 .Pp
 -The default is:
 -.Bd -literal -offset indent
 -chacha20-poly1305@openssh.com,
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available ciphers may also be obtained using
 .Qq ssh -Q cipher .
@@ -693,8 +691,10 @@ gss-nistp256-sha256-,
 gss-curve25519-sha256-
 .Ed
 .Pp
 -The default is
 -.Dq gss-gex-sha1-,gss-group14-sha1- .
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
@@ -794,22 +794,10 @@ environment variable.
 .It Cm HostKeyAlgorithms
 Specifies the host key algorithms
 that the server offers.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
 -sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 -ssh-ed25519-cert-v01@openssh.com,
 -sk-ssh-ed25519-cert-v01@openssh.com,
 -rsa-sha2-512-cert-v01@openssh.com,
 -rsa-sha2-256-cert-v01@openssh.com,
 -ssh-rsa-cert-v01@openssh.com,
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -sk-ecdsa-sha2-nistp256@openssh.com,
 -ssh-ed25519,sk-ssh-ed25519@openssh.com,
 -rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q HostKeyAlgorithms .
@@ -987,14 +975,10 @@ ecdh-sha2-nistp521
 sntrup4591761x25519-sha512@tinyssh.org
 .El
 .Pp
 -The default is:
 -.Bd -literal -offset indent
 -curve25519-sha256,curve25519-sha256@libssh.org,
 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 -diffie-hellman-group-exchange-sha256,
 -diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
 -diffie-hellman-group14-sha256
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q KexAlgorithms .
@@ -1121,14 +1105,10 @@ umac-64-etm@openssh.com
 umac-128-etm@openssh.com
 .El
 .Pp
 -The default is:
 -.Bd -literal -offset indent
 -umac-64-etm@openssh.com,umac-128-etm@openssh.com,
 -hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
 -hmac-sha1-etm@openssh.com,
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available MAC algorithms may also be obtained using
 .Qq ssh -Q mac .
@@ -1492,22 +1472,10 @@ If the specified list begins with a
 .Sq ^
 character, then the specified key types will be placed at the head of the
 default set.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
 -sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 -ssh-ed25519-cert-v01@openssh.com,
 -sk-ssh-ed25519-cert-v01@openssh.com,
 -rsa-sha2-512-cert-v01@openssh.com,
 -rsa-sha2-256-cert-v01@openssh.com,
 -ssh-rsa-cert-v01@openssh.com,
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -sk-ecdsa-sha2-nistp256@openssh.com,
 -ssh-ed25519,sk-ssh-ed25519@openssh.com,
 -rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q PubkeyAcceptedKeyTypes .
--- a/openssh-8.0p1-gssapi-keyex.patch
+++ b/openssh-8.0p1-gssapi-keyex.patch
--- a/openssh-8.0p1-openssl-evp.patch
+++ b/openssh-8.0p1-openssl-evp.patch
@ -0,0 +1,720 @@
 From ed7ec0cdf577ffbb0b15145340cf51596ca3eb89 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 14 May 2019 10:45:45 +0200
 Subject: [PATCH] Use high-level OpenSSL API for signatures
 ---
 digest-openssl.c |  16 ++++
 digest.h         |   6 ++
 ssh-dss.c        |  65 ++++++++++------
 ssh-ecdsa.c      |  69 ++++++++++-------
 ssh-rsa.c        | 193 +++++++++--------------------------------------
 sshkey.c         |  77 +++++++++++++++++++
 sshkey.h         |   4 +
 7 files changed, 221 insertions(+), 209 deletions(-)
 diff --git a/digest-openssl.c b/digest-openssl.c
 index da7ed72bc..6a21d8adb 100644
 --- a/digest-openssl.c
 +++ b/digest-openssl.c
@@ -63,6 +63,22 @@ const struct ssh_digest digests[] = {
 	{ -1,			NULL,		0,	NULL },
 };
 +const EVP_MD *
 +ssh_digest_to_md(int digest_type)
 +{
 +	switch (digest_type) {
 +	case SSH_DIGEST_SHA1:
 +		return EVP_sha1();
 +	case SSH_DIGEST_SHA256:
 +		return EVP_sha256();
 +	case SSH_DIGEST_SHA384:
 +		return EVP_sha384();
 +	case SSH_DIGEST_SHA512:
 +		return EVP_sha512();
 +	}
 +	return NULL;
 +}
 +
 static const struct ssh_digest *
 ssh_digest_by_alg(int alg)
 {
 diff --git a/digest.h b/digest.h
 index 274574d0e..c7ceeb36f 100644
 --- a/digest.h
 +++ b/digest.h
@@ -32,6 +32,12 @@
 struct sshbuf;
 struct ssh_digest_ctx;
 +#ifdef WITH_OPENSSL
 +#include <openssl/evp.h>
 +/* Converts internal digest representation to the OpenSSL one */
 +const EVP_MD *ssh_digest_to_md(int digest_type);
 +#endif
 +
 /* Looks up a digest algorithm by name */
 int ssh_digest_alg_by_name(const char *name);
 diff --git a/ssh-dss.c b/ssh-dss.c
 index a23c383dc..ea45e7275 100644
 --- a/ssh-dss.c
 +++ b/ssh-dss.c
@@ -52,11 +52,15 @@ int
 ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, u_int compat)
 {
 +	EVP_PKEY *pkey = NULL;
 	DSA_SIG *sig = NULL;
 	const BIGNUM *sig_r, *sig_s;
 -	u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
 -	size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
 +	u_char sigblob[SIGBLOB_LEN];
 +	size_t rlen, slen;
 +	int len;
 	struct sshbuf *b = NULL;
 +	u_char *sigb = NULL;
 +	const u_char *psig = NULL;
 	int ret = SSH_ERR_INVALID_ARGUMENT;
 	if (lenp != NULL)
@@ -67,17 +71,24 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 	if (key == NULL || key->dsa == NULL ||
 	    sshkey_type_plain(key->type) != KEY_DSA)
 		return SSH_ERR_INVALID_ARGUMENT;
 -	if (dlen == 0)
 -		return SSH_ERR_INTERNAL_ERROR;
 -	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
 -	    digest, sizeof(digest))) != 0)
 +	if ((pkey = EVP_PKEY_new()) == NULL ||
 +	    EVP_PKEY_set1_DSA(pkey, key->dsa) != 1)
 +		return SSH_ERR_ALLOC_FAIL;
 +	ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len,
 +	    data, datalen);
 +	EVP_PKEY_free(pkey);
 +	if (ret < 0) {
 		goto out;
 +	}
 -	if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) {
 +	psig = sigb;
 +	if ((sig = d2i_DSA_SIG(NULL, &psig, len)) == NULL) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 +	free(sigb);
 +	sigb = NULL;
 	DSA_SIG_get0(sig, &sig_r, &sig_s);
 	rlen = BN_num_bytes(sig_r);
@@ -110,7 +121,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 		*lenp = len;
 	ret = 0;
  out:
 -	explicit_bzero(digest, sizeof(digest));
 +	free(sigb);
 	DSA_SIG_free(sig);
 	sshbuf_free(b);
 	return ret;
@@ -121,20 +132,20 @@ ssh_dss_verify(const struct sshkey *key,
     const u_char *signature, size_t signaturelen,
     const u_char *data, size_t datalen, u_int compat)
 {
 +	EVP_PKEY *pkey = NULL;
 	DSA_SIG *sig = NULL;
 	BIGNUM *sig_r = NULL, *sig_s = NULL;
 -	u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL;
 -	size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
 +	u_char *sigblob = NULL;
 +	size_t len, slen;
 	int ret = SSH_ERR_INTERNAL_ERROR;
 	struct sshbuf *b = NULL;
 	char *ktype = NULL;
 +	u_char *sigb = NULL, *psig = NULL;
 	if (key == NULL || key->dsa == NULL ||
 	    sshkey_type_plain(key->type) != KEY_DSA ||
 	    signature == NULL || signaturelen == 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 -	if (dlen == 0)
 -		return SSH_ERR_INTERNAL_ERROR;
 	/* fetch signature */
 	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
@@ -176,25 +187,31 @@ ssh_dss_verify(const struct sshkey *key,
 	}
 	sig_r = sig_s = NULL; /* transferred */
 -	/* sha1 the data */
 -	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
 -	    digest, sizeof(digest))) != 0)
 +	if ((slen = i2d_DSA_SIG(sig, NULL)) == 0) {
 +		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 -
 -	switch (DSA_do_verify(digest, dlen, sig, key->dsa)) {
 -	case 1:
 -		ret = 0;
 -		break;
 -	case 0:
 -		ret = SSH_ERR_SIGNATURE_INVALID;
 +	}
 +	if ((sigb = malloc(slen)) == NULL) {
 +		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
 -	default:
 +	}
 +	psig = sigb;
 +	if ((slen = i2d_DSA_SIG(sig, &psig)) == 0) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 +	if ((pkey = EVP_PKEY_new()) == NULL ||
 +	    EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) {
 +		ret = SSH_ERR_ALLOC_FAIL;
 +		goto out;
 +	}
 +	ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, datalen,
 +	    sigb, slen);
 +	EVP_PKEY_free(pkey);
 +
  out:
 -	explicit_bzero(digest, sizeof(digest));
 +	free(sigb);
 	DSA_SIG_free(sig);
 	BN_clear_free(sig_r);
 	BN_clear_free(sig_s);
 diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
 index 599c7199d..b036796e8 100644
 --- a/ssh-ecdsa.c
 +++ b/ssh-ecdsa.c
@@ -50,11 +50,13 @@ int
 ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, u_int compat)
 {
 +	EVP_PKEY *pkey = NULL;
 	ECDSA_SIG *sig = NULL;
 +	unsigned char *sigb = NULL;
 +	const unsigned char *psig;
 	const BIGNUM *sig_r, *sig_s;
 	int hash_alg;
 -	u_char digest[SSH_DIGEST_MAX_LENGTH];
 -	size_t len, dlen;
 +	int len;
 	struct sshbuf *b = NULL, *bb = NULL;
 	int ret = SSH_ERR_INTERNAL_ERROR;
@@ -67,18 +69,24 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 	    sshkey_type_plain(key->type) != KEY_ECDSA)
 		return SSH_ERR_INVALID_ARGUMENT;
 -	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 ||
 -	    (dlen = ssh_digest_bytes(hash_alg)) == 0)
 +	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
 		return SSH_ERR_INTERNAL_ERROR;
 -	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
 -	    digest, sizeof(digest))) != 0)
 +
 +	if ((pkey = EVP_PKEY_new()) == NULL ||
 +	    EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1)
 +		return SSH_ERR_ALLOC_FAIL;
 +	ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data,
 +	    datalen);
 +	EVP_PKEY_free(pkey);
 +	if (ret < 0) {
 		goto out;
 +	}
 -	if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) {
 +	psig = sigb;
 +	if ((sig = d2i_ECDSA_SIG(NULL, &psig, len)) == NULL) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 -
 	if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) {
 		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
@@ -102,7 +110,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 		*lenp = len;
 	ret = 0;
  out:
 -	explicit_bzero(digest, sizeof(digest));
 +	free(sigb);
 	sshbuf_free(b);
 	sshbuf_free(bb);
 	ECDSA_SIG_free(sig);
@@ -115,22 +123,21 @@ ssh_ecdsa_verify(const struct sshkey *key,
     const u_char *signature, size_t signaturelen,
     const u_char *data, size_t datalen, u_int compat)
 {
 +	EVP_PKEY *pkey = NULL;
 	ECDSA_SIG *sig = NULL;
 	BIGNUM *sig_r = NULL, *sig_s = NULL;
 -	int hash_alg;
 -	u_char digest[SSH_DIGEST_MAX_LENGTH];
 -	size_t dlen;
 +	int hash_alg, len;
 	int ret = SSH_ERR_INTERNAL_ERROR;
 	struct sshbuf *b = NULL, *sigbuf = NULL;
 	char *ktype = NULL;
 +	unsigned char *sigb = NULL, *psig = NULL;
 	if (key == NULL || key->ecdsa == NULL ||
 	    sshkey_type_plain(key->type) != KEY_ECDSA ||
 	    signature == NULL || signaturelen == 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 -	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 ||
 -	    (dlen = ssh_digest_bytes(hash_alg)) == 0)
 +	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
 		return SSH_ERR_INTERNAL_ERROR;
 	/* fetch signature */
@@ -166,28 +173,36 @@ ssh_ecdsa_verify(const struct sshkey *key,
 	}
 	sig_r = sig_s = NULL; /* transferred */
 -	if (sshbuf_len(sigbuf) != 0) {
 -		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
 +	/* Figure out the length */
 +	if ((len = i2d_ECDSA_SIG(sig, NULL)) == 0) {
 +		ret = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +	if ((sigb = malloc(len)) == NULL) {
 +		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 -	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
 -	    digest, sizeof(digest))) != 0)
 +	psig = sigb;
 +	if ((len = i2d_ECDSA_SIG(sig, &psig)) == 0) {
 +		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 +	}
 -	switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) {
 -	case 1:
 -		ret = 0;
 -		break;
 -	case 0:
 -		ret = SSH_ERR_SIGNATURE_INVALID;
 +	if (sshbuf_len(sigbuf) != 0) {
 +		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
 		goto out;
 -	default:
 -		ret = SSH_ERR_LIBCRYPTO_ERROR;
 +	}
 +
 +	if ((pkey = EVP_PKEY_new()) == NULL ||
 +	    EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) {
 +		ret =  SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 +	ret = sshkey_verify_signature(pkey, hash_alg, data, datalen, sigb, len);
 +	EVP_PKEY_free(pkey);
  out:
 -	explicit_bzero(digest, sizeof(digest));
 +	free(sigb);
 	sshbuf_free(sigbuf);
 	sshbuf_free(b);
 	ECDSA_SIG_free(sig);
 diff --git a/ssh-rsa.c b/ssh-rsa.c
 index 9b14f9a9a..8ef3a6aca 100644
 --- a/ssh-rsa.c
 +++ b/ssh-rsa.c
@@ -37,7 +37,7 @@
 #include "openbsd-compat/openssl-compat.h"
 -static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
 +static int openssh_RSA_verify(int, const u_char *, size_t, u_char *, size_t, EVP_PKEY *);
 static const char *
 rsa_hash_alg_ident(int hash_alg)
@@ -90,21 +90,6 @@ rsa_hash_id_from_keyname(const char *alg)
 	return -1;
 }
 -static int
 -rsa_hash_alg_nid(int type)
 -{
 -	switch (type) {
 -	case SSH_DIGEST_SHA1:
 -		return NID_sha1;
 -	case SSH_DIGEST_SHA256:
 -		return NID_sha256;
 -	case SSH_DIGEST_SHA512:
 -		return NID_sha512;
 -	default:
 -		return -1;
 -	}
 -}
 -
 int
 ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
 {
@@ -164,11 +149,10 @@ int
 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, const char *alg_ident)
 {
 -	const BIGNUM *rsa_n;
 -	u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
 -	size_t slen = 0;
 -	u_int dlen, len;
 -	int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
 +	EVP_PKEY *pkey = NULL;
 +	u_char *sig = NULL;
 +	int len, slen = 0;
 +	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
 	struct sshbuf *b = NULL;
 	if (lenp != NULL)
@@ -180,33 +164,24 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 		hash_alg = SSH_DIGEST_SHA1;
 	else
 		hash_alg = rsa_hash_id_from_keyname(alg_ident);
 +
 	if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
 	    sshkey_type_plain(key->type) != KEY_RSA)
 		return SSH_ERR_INVALID_ARGUMENT;
 -	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
 -	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
 -		return SSH_ERR_KEY_LENGTH;
 	slen = RSA_size(key->rsa);
 -	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
 -		return SSH_ERR_INVALID_ARGUMENT;
 -
 -	/* hash the data */
 -	nid = rsa_hash_alg_nid(hash_alg);
 -	if ((dlen = ssh_digest_bytes(hash_alg)) == 0)
 -		return SSH_ERR_INTERNAL_ERROR;
 -	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
 -	    digest, sizeof(digest))) != 0)
 -		goto out;
 +	if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
 +		return SSH_ERR_KEY_LENGTH;
 -	if ((sig = malloc(slen)) == NULL) {
 -		ret = SSH_ERR_ALLOC_FAIL;
 +	if ((pkey = EVP_PKEY_new()) == NULL ||
 +	    EVP_PKEY_set1_RSA(pkey, key->rsa) != 1)
 +		return SSH_ERR_ALLOC_FAIL;
 +	ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data,
 +	    datalen);
 +	EVP_PKEY_free(pkey);
 +	if (ret < 0) {
 		goto out;
 	}
 -	if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) {
 -		ret = SSH_ERR_LIBCRYPTO_ERROR;
 -		goto out;
 -	}
 	if (len < slen) {
 		size_t diff = slen - len;
 		memmove(sig + diff, sig, len);
@@ -215,6 +190,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 		ret = SSH_ERR_INTERNAL_ERROR;
 		goto out;
 	}
 +
 	/* encode signature */
 	if ((b = sshbuf_new()) == NULL) {
 		ret = SSH_ERR_ALLOC_FAIL;
@@ -235,7 +211,6 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 		*lenp = len;
 	ret = 0;
  out:
 -	explicit_bzero(digest, sizeof(digest));
 	freezero(sig, slen);
 	sshbuf_free(b);
 	return ret;
@@ -246,10 +221,10 @@ ssh_rsa_verify(const struct sshkey *key,
     const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
     const char *alg)
 {
 -	const BIGNUM *rsa_n;
 +	EVP_PKEY *pkey = NULL;
 	char *sigtype = NULL;
 	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
 -	size_t len = 0, diff, modlen, dlen;
 +	size_t len = 0, diff, modlen;
 	struct sshbuf *b = NULL;
 	u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL;
@@ -257,8 +232,7 @@ ssh_rsa_verify(const struct sshkey *key,
 	    sshkey_type_plain(key->type) != KEY_RSA ||
 	    sig == NULL || siglen == 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 -	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
 -	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
 +	if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
 		return SSH_ERR_KEY_LENGTH;
 	if ((b = sshbuf_from(sig, siglen)) == NULL)
@@ -310,16 +284,15 @@ ssh_rsa_verify(const struct sshkey *key,
 		explicit_bzero(sigblob, diff);
 		len = modlen;
 	}
 -	if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
 -		ret = SSH_ERR_INTERNAL_ERROR;
 +
 +	if ((pkey = EVP_PKEY_new()) == NULL ||
 +	    EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) {
 +		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 -	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
 -	    digest, sizeof(digest))) != 0)
 -		goto out;
 +	ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len, pkey);
 +	EVP_PKEY_free(pkey);
 -	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
 -	    key->rsa);
  out:
 	freezero(sigblob, len);
 	free(sigtype);
@@ -328,122 +301,26 @@ ssh_rsa_verify(const struct sshkey *key,
 	return ret;
 }
 -/*
 - * See:
 - * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
 - * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
 - */
 -
 -/*
 - * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
 - *	oiw(14) secsig(3) algorithms(2) 26 }
 - */
 -static const u_char id_sha1[] = {
 -	0x30, 0x21, /* type Sequence, length 0x21 (33) */
 -	0x30, 0x09, /* type Sequence, length 0x09 */
 -	0x06, 0x05, /* type OID, length 0x05 */
 -	0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
 -	0x05, 0x00, /* NULL */
 -	0x04, 0x14  /* Octet string, length 0x14 (20), followed by sha1 hash */
 -};
 -
 -/*
 - * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
 - * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
 - *      organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
 - *      id-sha256(1) }
 - */
 -static const u_char id_sha256[] = {
 -	0x30, 0x31, /* type Sequence, length 0x31 (49) */
 -	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
 -	0x06, 0x09, /* type OID, length 0x09 */
 -	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */
 -	0x05, 0x00, /* NULL */
 -	0x04, 0x20  /* Octet string, length 0x20 (32), followed by sha256 hash */
 -};
 -
 -/*
 - * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
 - * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
 - *      organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
 - *      id-sha256(3) }
 - */
 -static const u_char id_sha512[] = {
 -	0x30, 0x51, /* type Sequence, length 0x51 (81) */
 -	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
 -	0x06, 0x09, /* type OID, length 0x09 */
 -	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */
 -	0x05, 0x00, /* NULL */
 -	0x04, 0x40  /* Octet string, length 0x40 (64), followed by sha512 hash */
 -};
 -
 static int
 -rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp)
 +openssh_RSA_verify(int hash_alg, const u_char *data, size_t datalen,
 +    u_char *sigbuf, size_t siglen, EVP_PKEY *pkey)
 {
 -	switch (hash_alg) {
 -	case SSH_DIGEST_SHA1:
 -		*oidp = id_sha1;
 -		*oidlenp = sizeof(id_sha1);
 -		break;
 -	case SSH_DIGEST_SHA256:
 -		*oidp = id_sha256;
 -		*oidlenp = sizeof(id_sha256);
 -		break;
 -	case SSH_DIGEST_SHA512:
 -		*oidp = id_sha512;
 -		*oidlenp = sizeof(id_sha512);
 -		break;
 -	default:
 -		return SSH_ERR_INVALID_ARGUMENT;
 -	}
 -	return 0;
 -}
 +	size_t rsasize = 0;
 +	const RSA *rsa;
 +	int ret;
 -static int
 -openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
 -    u_char *sigbuf, size_t siglen, RSA *rsa)
 -{
 -	size_t rsasize = 0, oidlen = 0, hlen = 0;
 -	int ret, len, oidmatch, hashmatch;
 -	const u_char *oid = NULL;
 -	u_char *decrypted = NULL;
 -
 -	if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0)
 -		return ret;
 -	ret = SSH_ERR_INTERNAL_ERROR;
 -	hlen = ssh_digest_bytes(hash_alg);
 -	if (hashlen != hlen) {
 -		ret = SSH_ERR_INVALID_ARGUMENT;
 -		goto done;
 -	}
 +	rsa = EVP_PKEY_get0_RSA(pkey);
 	rsasize = RSA_size(rsa);
 	if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
 	    siglen == 0 || siglen > rsasize) {
 		ret = SSH_ERR_INVALID_ARGUMENT;
 		goto done;
 	}
 -	if ((decrypted = malloc(rsasize)) == NULL) {
 -		ret = SSH_ERR_ALLOC_FAIL;
 -		goto done;
 -	}
 -	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
 -	    RSA_PKCS1_PADDING)) < 0) {
 -		ret = SSH_ERR_LIBCRYPTO_ERROR;
 -		goto done;
 -	}
 -	if (len < 0 || (size_t)len != hlen + oidlen) {
 -		ret = SSH_ERR_INVALID_FORMAT;
 -		goto done;
 -	}
 -	oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
 -	hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
 -	if (!oidmatch || !hashmatch) {
 -		ret = SSH_ERR_SIGNATURE_INVALID;
 -		goto done;
 -	}
 -	ret = 0;
 +
 +	ret = sshkey_verify_signature(pkey, hash_alg, data, datalen,
 +	    sigbuf, siglen);
 +
 done:
 -	freezero(decrypted, rsasize);
 	return ret;
 }
 #endif /* WITH_OPENSSL */
 diff --git a/sshkey.c b/sshkey.c
 index ad1957762..b95ed0b10 100644
 --- a/sshkey.c
 +++ b/sshkey.c
@@ -358,6 +358,83 @@ sshkey_type_plain(int type)
 }
 #ifdef WITH_OPENSSL
 +int
 +sshkey_calculate_signature(EVP_PKEY *pkey, int hash_alg, u_char **sigp,
 +    int *lenp, const u_char *data, size_t datalen)
 +{
 +	EVP_MD_CTX *ctx = NULL;
 +	u_char *sig = NULL;
 +	int ret, slen, len;
 +
 +	if (sigp == NULL || lenp == NULL) {
 +		return SSH_ERR_INVALID_ARGUMENT;
 +	}
 +
 +	slen = EVP_PKEY_size(pkey);
 +	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
 +		return SSH_ERR_INVALID_ARGUMENT;
 +
 +	len = slen;
 +	if ((sig = malloc(slen)) == NULL) {
 +		return SSH_ERR_ALLOC_FAIL;
 +	}
 +
 +	if ((ctx = EVP_MD_CTX_new()) == NULL) {
 +		ret = SSH_ERR_ALLOC_FAIL;
 +		goto error;
 +	}
 +	if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
 +	    EVP_SignUpdate(ctx, data, datalen) <= 0 ||
 +	    EVP_SignFinal(ctx, sig, &len, pkey) <= 0) {
 +		ret = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto error;
 +	}
 +
 +	*sigp = sig;
 +	*lenp = len;
 +	/* Now owned by the caller */
 +	sig = NULL;
 +	ret = 0;
 +
 +error:
 +	EVP_MD_CTX_free(ctx);
 +	free(sig);
 +	return ret;
 +}
 +
 +int
 +sshkey_verify_signature(EVP_PKEY *pkey, int hash_alg, const u_char *data,
 +    size_t datalen, u_char *sigbuf, int siglen)
 +{
 +	EVP_MD_CTX *ctx = NULL;
 +	int ret;
 +
 +	if ((ctx = EVP_MD_CTX_new()) == NULL) {
 +		return SSH_ERR_ALLOC_FAIL;
 +	}
 +	if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
 +	    EVP_VerifyUpdate(ctx, data, datalen) <= 0) {
 +		ret = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto done;
 +	}
 +	ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey);
 +	switch (ret) {
 +	case 1:
 +		ret = 0;
 +		break;
 +	case 0:
 +		ret = SSH_ERR_SIGNATURE_INVALID;
 +		break;
 +	default:
 +		ret = SSH_ERR_LIBCRYPTO_ERROR;
 +		break;
 +	}
 +
 +done:
 +	EVP_MD_CTX_free(ctx);
 +	return ret;
 +}
 +
 /* XXX: these are really begging for a table-driven approach */
 int
 sshkey_curve_name_to_nid(const char *name)
 diff --git a/sshkey.h b/sshkey.h
 index a91e60436..270901a87 100644
 --- a/sshkey.h
 +++ b/sshkey.h
@@ -179,6 +179,10 @@ const char	*sshkey_ssh_name(const struct sshkey *);
 const char	*sshkey_ssh_name_plain(const struct sshkey *);
 int		 sshkey_names_valid2(const char *, int);
 char		*sshkey_alg_list(int, int, int, char);
 +int		 sshkey_calculate_signature(EVP_PKEY*, int, u_char **,
 +    int *, const u_char *, size_t);
 +int		 sshkey_verify_signature(EVP_PKEY *, int, const u_char *,
 +    size_t, u_char *, int);
 int	 sshkey_from_blob(const u_char *, size_t, struct sshkey **);
 int	 sshkey_fromb(struct sshbuf *, struct sshkey **);
--- a/openssh-8.0p1-openssl-kdf.patch
+++ b/openssh-8.0p1-openssl-kdf.patch
@ -0,0 +1,137 @@
 commit 2c3ef499bfffce3cfd315edeebf202850ba4e00a
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Tue Apr 16 15:35:18 2019 +0200
    Use the new OpenSSL KDF
 diff --git a/configure.ac b/configure.ac
 index 2a455e4e..e01c3d43 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -2712,6 +2712,7 @@ if test "x$openssl" = "xyes" ; then
 		HMAC_CTX_init \
 		RSA_generate_key_ex \
 		RSA_get_default_method \
 +		EVP_KDF_CTX_new_id \
 	])
 	# OpenSSL_add_all_algorithms may be a macro.
 diff --git a/kex.c b/kex.c
 index b6f041f4..1fbce2bb 100644
 --- a/kex.c
 +++ b/kex.c
@@ -38,6 +38,9 @@
 #ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
 +# ifdef HAVE_EVP_KDF_CTX_NEW_ID
 +# include <openssl/kdf.h>
 +# endif
 #endif
 #include "ssh.h"
@@ -942,6 +945,95 @@ kex_choose_conf(struct ssh *ssh)
 	return r;
 }
 +#ifdef HAVE_EVP_KDF_CTX_NEW_ID
 +static const EVP_MD *
 +digest_to_md(int digest_type)
 +{
 +	switch (digest_type) {
 +	case SSH_DIGEST_SHA1:
 +		return EVP_sha1();
 +	case SSH_DIGEST_SHA256:
 +		return EVP_sha256();
 +	case SSH_DIGEST_SHA384:
 +		return EVP_sha384();
 +	case SSH_DIGEST_SHA512:
 +		return EVP_sha512();
 +	}
 +	return NULL;
 +}
 +
 +static int
 +derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
 +    const struct sshbuf *shared_secret, u_char **keyp)
 +{
 +	struct kex *kex = ssh->kex;
 +	EVP_KDF_CTX *ctx = NULL;
 +	u_char *key = NULL;
 +	int r, key_len;
 +
 +	if ((key_len = ssh_digest_bytes(kex->hash_alg)) == 0)
 +		return SSH_ERR_INVALID_ARGUMENT;
 +	key_len = ROUNDUP(need, key_len);
 +	if ((key = calloc(1, key_len)) == NULL) {
 +		r = SSH_ERR_ALLOC_FAIL;
 +		goto out;
 +	}
 +
 +	ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
 +	if (!ctx) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +
 +	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest_to_md(kex->hash_alg));
 +	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY,
 +	    sshbuf_ptr(shared_secret), sshbuf_len(shared_secret));
 +	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, hash, hashlen);
 +	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, id);
 +	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
 +	    kex->session_id, kex->session_id_len);
 +	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +	r = EVP_KDF_derive(ctx, key, key_len);
 +	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +#ifdef DEBUG_KEX
 +	fprintf(stderr, "key '%c'== ", id);
 +	dump_digest("key", key, key_len);
 +#endif
 +	*keyp = key;
 +	key = NULL;
 +	r = 0;
 +
 +out:
 +	free (key);
 +	EVP_KDF_CTX_free(ctx);
 +	if (r < 0) {
 +		return r;
 +	}
 +	return 0;
 +}
 +#else
 static int
 derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
     const struct sshbuf *shared_secret, u_char **keyp)
@@ -1004,6 +1096,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
 	ssh_digest_free(hashctx);
 	return r;
 }
 +#endif /* HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID */
 #define NKEYS	6
 int
--- a/openssh-8.0p1-pkcs11-uri.patch
+++ b/openssh-8.0p1-pkcs11-uri.patch
--- a/openssh-8.2p1-visibility.patch
+++ b/openssh-8.2p1-visibility.patch
@ -0,0 +1,40 @@
 diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c
 index dca158de..afdcb1d2 100644
 --- a/regress/misc/sk-dummy/sk-dummy.c
 +++ b/regress/misc/sk-dummy/sk-dummy.c
@@ -71,7 +71,7 @@ skdebug(const char *func, const char *fmt, ...)
 #endif
 }
 -uint32_t
 +uint32_t __attribute__((visibility("default")))
 sk_api_version(void)
 {
 	return SSH_SK_VERSION_MAJOR;
@@ -220,7 +220,7 @@ check_options(struct sk_option **options)
 	return 0;
 }
 -int
 +int __attribute__((visibility("default")))
 sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
     const char *application, uint8_t flags, const char *pin,
     struct sk_option **options, struct sk_enroll_response **enroll_response)
@@ -467,7 +467,7 @@ sig_ed25519(const uint8_t *message, size_t message_len,
 	return ret;
 }
 -int
 +int __attribute__((visibility("default")))
 sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
     const char *application, const uint8_t *key_handle, size_t key_handle_len,
     uint8_t flags, const char *pin, struct sk_option **options,
@@ -518,7 +518,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
 	return ret;
 }
 -int
 +int __attribute__((visibility("default")))
 sk_load_resident_keys(const char *pin, struct sk_option **options,
     struct sk_resident_key ***rks, size_t *nrks)
 {
--- a/openssh-8.2p1.tar.gz
+++ b/openssh-8.2p1.tar.gz
--- a/openssh-8.2p1.tar.gz.asc
+++ b/openssh-8.2p1.tar.gz.asc
@ -0,0 +1,14 @@
 -----BEGIN PGP SIGNATURE-----
 iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAl5F7e8ACgkQ0+X1a22S
 DTBoGQx+Lw7zBdx+GFg4T5uDbpN3zXcscEvPRfKCP07WGVnQsSOqbfa9v0coSnAK
 thE0R1iVr/uwFQ+MsgUWFWUQ4yWmKCiIFrnmuX8rqtN3NJBa2PG2mUGi/eAYsctW
 ZFPT2B9Is264TWi94/p1dQaDM7tFxqtsLePvq+hPY5IFOu5y5bpEMFCXFHC1TNko
 nY3dP2ij3IVjeBSEfotjbE04EUaoOlLh8g65vZV1vQDSIMHoqZ9cWmdtdonK8BNf
 ql2JU5RM5+NJk69quQM6RruDfJ6W0XelDaO286u33Loyl1mDAXXT6z8ooSipryHF
 OcM2FYUgI42GLfrmpqOsUD0z6GHcUpHWD30wlQkPwX7VWRWQlXORUnVwRTF94TFs
 nMOvFOWn7oCn5SVwZXBWitgZ6DGzVdsi1E7WZZZlSbxFgXMFYqCqKL1+dSlcN66l
 lRlC/kldYgeRV+OwCM0MPHok77A8W+nwNxWMj56HNnUMJXm3rZTs1MKmKKLfksEr
 PlC6zMmFgClq6RayKqHwp14bwAxqsg==
 =t8DJ
 -----END PGP SIGNATURE-----
--- a/openssh-fix-typo-that-prevented-detection-of-Linux-V.patch
+++ b/openssh-fix-typo-that-prevented-detection-of-Linux-V.patch
@ -1,25 +0,0 @@
 From be8fcc621cfcec59a521f9a2929c98a89e5e9136 Mon Sep 17 00:00:00 2001
 From: hexiaowen <hexiaowen@huawei.com>
 Date: Mon, 15 Jul 2019 21:25:42 +0800
 Subject: [PATCH] openssh: fix typo that prevented detection of Linux VRF
 ---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/configure.ac b/configure.ac
 index ed7a6bb..671819d 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -849,7 +849,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 	    AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
 		[Support routing domains using Linux VRF]), [], [
 #ifdef HAVE_SYS_TYPES_H
 -# include <sys/types.H>
 +# include <sys/types.h>
 #endif
 	    ])
 	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
 -- 
 1.8.3.1
--- a/openssh.spec
+++ b/openssh.spec
@ -1,170 +1,177 @@
 %global gtk2 1
 %global pie 1
 # Add option to build without GTK2 for older platforms with only GTK+.
 # rpm -ba|--rebuild --define 'no_gtk2 1'
 %{?no_gtk2:%global gtk2 0}
 %global pam_ssh_agent_rel 5
 %global sshd_uid    74
-Name:          openssh
+Name:           openssh
-Version:       7.8p1
+Version:        8.2p1
-Release:       9
+Release:        5
-URL:           https://www.openssh.com/portable.html
+URL:            http://www.openssh.com/portable.html
-License:       BSD
+License:        BSD
-Summary:       An open source implementation of SSH protocol version 2
+Summary:        An open source implementation of SSH protocol version 2
-Source0:       https://ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+Source0:        https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
-Source1:       https://ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
+Source1:        https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
-Source2:       sshd.pam
+Source2:        sshd.pam
-Source3:       DJM-GPG-KEY.gpg
+Source4:        http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.tar.bz2
-Source4:       https://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.tar.bz2
+Source5:        pam_ssh_agent-rmheaders
-Source5:       pam_ssh_agent-rmheaders
+Source6:        ssh-keycat.pam
-Source6:       ssh-keycat.pam
+Source7:        sshd.sysconfig
-Source7:       sshd.sysconfig
+Source9:        sshd@.service
-Source9:       sshd@.service
+Source10:       sshd.socket
-Source10:      sshd.socket
+Source11:       sshd.service
-Source11:      sshd.service
+Source12:       sshd-keygen@.service
-Source12:      sshd-keygen@.service
+Source13:       sshd-keygen
-Source13:      sshd-keygen
+Source14:       sshd.tmpfiles
-Source14:      sshd.tmpfiles
+Source15:       sshd-keygen.target
-Source15:      sshd-keygen.target
+Patch0:         openssh-6.7p1-coverity.patch
 Patch1:         openssh-7.6p1-audit.patch
 Patch2:         openssh-7.1p2-audit-race-condition.patch
 Patch3:         pam_ssh_agent_auth-0.9.3-build.patch
 Patch4:         pam_ssh_agent_auth-0.10.3-seteuid.patch
 Patch5:         pam_ssh_agent_auth-0.9.2-visibility.patch
 Patch6:         pam_ssh_agent_auth-0.9.3-agent_structure.patch
 Patch7:         pam_ssh_agent_auth-0.10.2-compat.patch
 Patch8:         pam_ssh_agent_auth-0.10.2-dereference.patch
 Patch9:         openssh-7.8p1-role-mls.patch
 Patch10:        openssh-6.6p1-privsep-selinux.patch
 Patch11:        openssh-6.7p1-ldap.patch
 Patch12:        openssh-6.6p1-keycat.patch
 Patch13:        openssh-6.6p1-allow-ip-opts.patch
 Patch14:        openssh-6.6p1-keyperm.patch
 Patch15:        openssh-5.9p1-ipv6man.patch
 Patch16:        openssh-5.8p2-sigpipe.patch
 Patch17:        openssh-7.2p2-x11.patch
 Patch18:        openssh-7.7p1-fips.patch
 Patch19:        openssh-5.1p1-askpass-progress.patch
 Patch20:        openssh-4.3p2-askpass-grab-info.patch
 Patch21:        openssh-7.7p1.patch
 Patch22:        openssh-7.8p1-UsePAM-warning.patch
 Patch23:        openssh-6.3p1-ctr-evp-fast.patch
 Patch24:        openssh-6.6p1-ctr-cavstest.patch
 Patch25:        openssh-6.7p1-kdf-cavs.patch
 Patch26:        openssh-8.0p1-gssapi-keyex.patch
 Patch27:        openssh-6.6p1-force_krb.patch
 Patch28:        openssh-6.6p1-GSSAPIEnablek5users.patch
 Patch29:        openssh-7.7p1-gssapi-new-unique.patch
 Patch30:        openssh-7.2p2-k5login_directory.patch
 Patch31:        openssh-6.6p1-kuserok.patch
 Patch32:        openssh-6.4p1-fromto-remote.patch
 Patch33:        openssh-6.6.1p1-selinux-contexts.patch
 Patch34:        openssh-6.6.1p1-log-in-chroot.patch
 Patch35:        openssh-6.6.1p1-scp-non-existing-directory.patch
 Patch36:        openssh-6.8p1-sshdT-output.patch
 Patch37:        openssh-6.7p1-sftp-force-permission.patch
 Patch38:        openssh-7.2p2-s390-closefrom.patch
 Patch39:        openssh-7.3p1-x11-max-displays.patch
 Patch40:        openssh-7.4p1-systemd.patch
 Patch41:        openssh-7.6p1-cleanup-selinux.patch
 Patch42:        openssh-7.5p1-sandbox.patch
 Patch43:        openssh-8.0p1-pkcs11-uri.patch
 Patch44:        openssh-7.8p1-scp-ipv6.patch
 Patch45:        openssh-7.9p1-ssh-copy-id.patch
 Patch46:        openssh-8.0p1-crypto-policies.patch
 Patch47:        openssh-8.0p1-openssl-evp.patch
 Patch48:        openssh-8.0p1-openssl-kdf.patch
 Patch49:        openssh-8.2p1-visibility.patch
 Patch50:        bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch
 Patch51:        bugfix-openssh-6.6p1-log-usepam-no.patch
 Patch52:        bugfix-openssh-add-option-check-username-splash.patch
 Patch53:        feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
 Patch54:        bugfix-openssh-fix-sftpserver.patch
 Patch55:        bugfix-debug3-to-verbose-in-command.patch
 Patch56:        set-sshd-config.patch
 Patch57:        CVE-2020-12062-1.patch
 Patch58:        CVE-2020-12062-2.patch
 Patch59:        upstream-expose-vasnmprintf.patch
-Patch0:        openssh-6.7p1-coverity.patch
+Requires:       /sbin/nologin
-#https://bugzilla.redhat.com/show_bug.cgi?id=735889
+Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
-Patch1:        openssh-7.3p1-openssl-1.1.0.patch
+Requires:       openssh-server = %{version}-%{release}
 # https://bugzilla.redhat.com/show_bug.cgi?id=1171248
 Patch2:        openssh-7.6p1-audit.patch
 Patch3:        openssh-7.1p2-audit-race-condition.patch
 Patch4:        pam_ssh_agent_auth-0.9.3-build.patch
 Patch5:        pam_ssh_agent_auth-0.10.3-seteuid.patch
 Patch6:        pam_ssh_agent_auth-0.9.2-visibility.patch
 Patch7:        pam_ssh_agent_auth-0.9.3-agent_structure.patch
 Patch8:        pam_ssh_agent_auth-0.10.2-compat.patch
 Patch9:        pam_ssh_agent_auth-0.10.2-dereference.patch
 Patch10:       openssh-7.8p1-role-mls.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=781634
 Patch11:       openssh-6.6p1-privsep-selinux.patch
 Patch12:       openssh-6.7p1-ldap.patch
 Patch13:       openssh-6.6p1-keycat.patch
 Patch14:       openssh-6.6p1-allow-ip-opts.patch
 Patch15:       openssh-6.6p1-keyperm.patch
 Patch16:       openssh-5.9p1-ipv6man.patch
 Patch17:       openssh-5.8p2-sigpipe.patch
 Patch18:       openssh-7.2p2-x11.patch
 Patch19:       openssh-7.7p1-fips.patch
 Patch20:       openssh-5.1p1-askpass-progress.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=198332
 Patch21:       openssh-4.3p2-askpass-grab-info.patch
 #patch from redhat 
 Patch22:       openssh-7.7p1.patch
 Patch23:       openssh-6.2p1-vendor.patch
 Patch24:       openssh-7.8p1-UsePAM-warning.patch
 Patch25:       openssh-6.3p1-ctr-evp-fast.patch
 Patch26:       openssh-6.6p1-ctr-cavstest.patch
 Patch27:       openssh-6.7p1-kdf-cavs.patch
 Patch28:       openssh-7.8p1-gsskex.patch
 Patch29:       openssh-6.6p1-force_krb.patch
 Patch30:       openssh-6.6p1-GSSAPIEnablek5users.patch
 # from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655
 Patch31:       openssh-7.1p1-gssapi-documentation.patch
 Patch32:       openssh-7.7p1-gssapi-new-unique.patch
 Patch33:       openssh-7.2p2-k5login_directory.patch
 Patch34:       openssh-7.5p1-gssapi-kex-with-ec.patch
 Patch35:       openssh-6.1p1-gssapi-canohost.patch
 Patch36:       openssh-6.6p1-kuserok.patch
 Patch37:       openssh-6.4p1-fromto-remote.patch
 Patch38:       openssh-6.6.1p1-selinux-contexts.patch
 Patch39:       openssh-6.6.1p1-log-in-chroot.patch
 Patch40:       openssh-6.6.1p1-scp-non-existing-directory.patch
 Patch41:       openssh-7.8p1-ip-port-config-parser.patch
 Patch42:       openssh-6.8p1-sshdT-output.patch
 Patch43:       openssh-6.7p1-sftp-force-permission.patch
 Patch44:       openssh-6.9p1-permit-root-login.patch
 Patch45:       openssh-7.0p1-gssKexAlgorithms.patch
 Patch46:       openssh-7.2p2-s390-closefrom.patch
 Patch47:       openssh-7.3p1-x11-max-displays.patch
 Patch48:       openssh-7.4p1-systemd.patch
 Patch49:       openssh-7.6p1-cleanup-selinux.patch
 Patch50:       openssh-7.5p1-sandbox.patch
 Patch51:       openssh-7.6p1-pkcs11-uri.patch
 Patch52:       openssh-7.6p1-pkcs11-ecdsa.patch
 Patch53:       openssh-7.8p1-scp-ipv6.patch
 Patch54:       Initial-len-for-the-fmt-NULL-case.patch
 Patch55:       upstream-fix-build-with-DEBUG_PK-enabled.patch
 Patch56:       upstream-fix-misplaced-parenthesis-inside-if-clause..patch
 Patch57:       delete-the-correct-thing-kexfuzz-binary.patch
 Patch58:       upstream-When-choosing-a-prime-from-the-moduli-file-.patch
 Patch59:       upstream-fix-ssh-Q-sig-to-show-correct-signature-alg.patch
 Patch60:       in-pick_salt-avoid-dereference-of-NULL-passwords.patch
 Patch61:       check-for-NULL-return-from-shadow_pw.patch
 Patch62:       check-pw_passwd-NULL-here-too.patch
 Patch63:       upstream-typo-in-plain-RSA-algorithm-counterpart-nam.patch
 Patch64:       upstream-correct-local-variable-name-from-yawang-AT-.patch
 Patch65:       upstream-typo-in-error-message-caught-by-Debian-lint.patch
 Patch66:       upstream-fix-bug-in-HostbasedAcceptedKeyTypes-and.patch
 Patch67:       upstream-fix-bug-in-client-that-was-keeping-a-redund.patch
 Patch68:       upstream-disallow-empty-incoming-filename-or-ones-th.patch
 Patch69:       upstream-make-grandparent-parent-child-sshbuf-chains.patch
 Patch70:       Move-RANDOM_SEED_SIZE-outside-ifdef.patch
 Patch71:       upstream-don-t-truncate-user-or-host-name-in-user-ho.patch
 Patch72:       upstream-don-t-attempt-to-connect-to-empty-SSH_AUTH_.patch
 Patch73:       upstream-only-consider-the-ext-info-c-extension-duri.patch
 Patch74:       upstream-fix-memory-leak-of-ciphercontext-when-rekey.patch
 Patch75:       upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch
 Patch76:       upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p.patch
 Patch77:       Cygwin-Change-service-name-to-cygsshd.patch
 Patch78:       openssh-fix-typo-that-prevented-detection-of-Linux-V.patch
 Patch79:       CVE-2019-6109-1.patch
 Patch80:       CVE-2019-6109-2.patch
 Patch81:       CVE-2019-6111-1.patch
 Patch82:       CVE-2019-6111-2.patch
 Patch83:       CVE-2019-16905.patch
 Patch84:       upstream-fix-sshd-T-without-C.patch
 Patch85:       bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch
 Patch86:       bugfix-openssh-6.6p1-log-usepam-no.patch
 Patch87:       bugfix-openssh-add-option-check-username-splash.patch
 Patch88:       feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
 Patch89:       bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch
 Patch90:       bugfix-openssh-fix-sftpserver.patch
 Patch91:       bugfix-CVE-2018-15919.patch
 Patch92:       CVE-2020-12062-1.patch
 Patch93:       CVE-2020-12062-2.patch
 Patch94:       upstream-expose-vasnmprintf.patch
-Requires:      /sbin/nologin libselinux >= 2.3-5 audit-libs >= 1.0.8
+BuildRequires:  gtk2-devel libX11-devel openldap-devel autoconf automake perl-interpreter perl-generators
-Requires:      fipscheck-lib >= 1.3.0 
+BuildRequires:  zlib-devel audit-libs-devel >= 2.0.5 util-linux groff pam-devel fipscheck-devel >= 1.3.0
-Requires(pre): /usr/sbin/useradd
+BuildRequires:  openssl-devel >= 0.9.8j perl-podlators systemd-devel gcc p11-kit-devel krb5-devel
-Requires(pre): shadow-utils
+BuildRequires:  libedit-devel ncurses-devel libselinux-devel >= 2.3-5 audit-libs >= 1.0.8 xauth gnupg2
 Requires:      pam >= 1.0.1-3
 Requires:      fipscheck-lib >= 1.3.0
 Requires:      crypto-policies >= 20180306-1
-Obsoletes:     openssh-clients-fips openssh-server-fips openssh-server-sysvinit openssh-cavs openssh-askpass-gnome
+Recommends:     p11-kit
 Obsoletes:     openssh-clients openssh-server openssh-ldap openssh-keycat openssh-askpass 
 Provides:      openssh-clients openssh-server openssh-ldap openssh-keycat openssh-askpass openssh-cavs openssh-askpass-gnome
-BuildRequires: gtk2-devel libX11-devel openldap-devel autoconf automake perl-interpreter perl-generators
+%package        clients
-BuildRequires: zlib-devel audit-libs-devel >= 2.0.5 util-linux groff pam-devel fipscheck-devel >= 1.3.0
+Summary:        An open source SSH client applications
-BuildRequires: openssl-devel >= 0.9.8j perl-podlators systemd-devel gcc p11-kit-devel krb5-devel
+Requires:       openssh = %{version}-%{release}
-BuildRequires: libedit-devel ncurses-devel libselinux-devel >= 2.3-5 audit-libs >= 1.0.8 xauth gnupg2
+Requires:       fipscheck-lib%{_isa} >= 1.3.0
 Requires:       crypto-policies >= 20180306-1
 %package        server
 Summary:        An open source SSH server daemon
 Requires:       openssh = %{version}-%{release}
 Requires(pre):  shadow
 Requires:       pam >= 1.0.1-3
 Requires:       fipscheck-lib%{_isa} >= 1.3.0
 Requires:       crypto-policies >= 20180306-1
 %{?systemd_requires}
-Recommends:    p11-kit
+%package        ldap
 Summary:        A LDAP support for open source SSH server daemon
 Requires:       openssh = %{version}-%{release}
 %package        keycat
 Summary:        A mls keycat backend for openssh
 Requires:       openssh = %{version}-%{release}
 %package        askpass
 Summary:        A passphrase dialog for OpenSSH and X
 Requires:       openssh = %{version}-%{release}
 Obsoletes:      openssh-askpass-gnome
 Provides:       openssh-askpass-gnome
 %package        cavs
 Summary:        CAVS tests for FIPS validation
 Requires:       openssh = %{version}-%{release}
 %package -n pam_ssh_agent_auth
 Summary:        PAM module for authentication with ssh-agent
 Version:        0.10.3
 Release:        9.1
 License:        BSD
 %description
-penSSH is the premier connectivity tool for remote login with the SSH protocol. \
+OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \
 It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \
 other attacks. In addition, OpenSSH provides a large suite of secure tunneling \
 capabilities, several authentication methods, and sophisticated configuration options.
-%package -n pam_ssh_agent_auth
+%description clients
-Summary: PAM module for the use of authentication with ssh-agent
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
-Version: 0.10.3
+into and executing commands on a remote machine. This package includes
-Release: %{pam_ssh_agent_rel}.4
+the clients necessary to make encrypted connections to SSH servers.
-License: BSD
+
 %description server
 OpenSSH is a free version of SSH (Secure SHell), a program for logging
 into and executing commands on a remote machine. This package contains
 the secure shell daemon (sshd). The sshd daemon allows SSH clients to
 securely connect to your SSH server.
 %description ldap
 OpenSSH LDAP backend is a way how to distribute the authorized tokens
 among the servers in the network.
 %description keycat
 OpenSSH mls keycat is backend for using the authorized keys in the
 openssh in the mls mode.
 %description askpass
 OpenSSH is a free version of SSH (Secure SHell), a program for logging
 into and executing commands on a remote machine. This package contains
 an X11 passphrase dialog for OpenSSH.
 %description cavs
 This package contains test binaries and scripts to make FIPS validation
 easier. Now contains CTR and KDF CAVS test driver.
 %description -n pam_ssh_agent_auth
 Provides PAM module for the use of authentication with ssh-agent. Through the use of the\
@ -174,109 +181,74 @@ instance. The module is most useful for su and sudo service stacks.
 %package_help
 %prep
 gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %setup -q -a 4
 pushd pam_ssh_agent_auth-0.10.3
-%patch4 -p2 -b .psaa-build
+%patch3 -p2 -b .psaa-build
-%patch5 -p2 -b .psaa-seteuid
+%patch4 -p2 -b .psaa-seteuid
-%patch6 -p2 -b .psaa-visibility
+%patch5 -p2 -b .psaa-visibility
-%patch8 -p2 -b .psaa-compat
+%patch7 -p2 -b .psaa-compat
-%patch7 -p2 -b .psaa-agent
+%patch6 -p2 -b .psaa-agent
-%patch9 -p2 -b .psaa-deref
+%patch8 -p2 -b .psaa-deref
 # Remove duplicate headers and library files
 rm -f $(cat %{SOURCE5})
 popd
-%patch10 -p1 -b .role-mls
+%patch9 -p1 -b .role-mls
-%patch11 -p1 -b .privsep-selinux
+%patch10 -p1 -b .privsep-selinux
-%patch12 -p1 -b .ldap
+%patch11 -p1 -b .ldap
-%patch13 -p1 -b .keycat
+%patch12 -p1 -b .keycat
-%patch14 -p1 -b .ip-opts
+%patch13 -p1 -b .ip-opts
-%patch15 -p1 -b .keyperm
+%patch14 -p1 -b .keyperm
-%patch16 -p1 -b .ipv6man
+%patch15 -p1 -b .ipv6man
-%patch17 -p1 -b .sigpipe
+%patch16 -p1 -b .sigpipe
-%patch18 -p1 -b .x11
+%patch17 -p1 -b .x11
-%patch20 -p1 -b .progress
+%patch19 -p1 -b .progress
-%patch21 -p1 -b .grab-info
+%patch20 -p1 -b .grab-info
-%patch22 -p1 
+%patch21 -p1
-%patch23 -p1 -b .vendor
+%patch22 -p1 -b .log-usepam-no
-%patch24 -p1 -b .log-usepam-no
+%patch23 -p1 -b .evp-ctr
-%patch25 -p1 -b .evp-ctr
+%patch24 -p1 -b .ctr-cavs
-%patch26 -p1 -b .ctr-cavs
+%patch25 -p1 -b .kdf-cavs
-%patch27 -p1 -b .kdf-cavs
+%patch26 -p1 -b .gsskex
-%patch28 -p1 -b .gsskex
+%patch27 -p1 -b .force_krb
-%patch29 -p1 -b .force_krb
+%patch29 -p1 -b .ccache_name
-%patch31 -p1 -b .gss-docs
+%patch30 -p1 -b .k5login
-%patch32 -p1 -b .ccache_name
+%patch31 -p1 -b .kuserok
-%patch33 -p1 -b .k5login
+%patch32 -p1 -b .fromto-remote
-%patch35 -p1 -b .canohost
+%patch33 -p1 -b .contexts
-%patch36 -p1 -b .kuserok
+%patch34 -p1 -b .log-in-chroot
-%patch37 -p1 -b .fromto-remote
+%patch35 -p1 -b .scp
-%patch38 -p1 -b .contexts
+%patch28 -p1 -b .GSSAPIEnablek5users
-%patch39 -p1 -b .log-in-chroot
+%patch36 -p1 -b .sshdt
-%patch40 -p1 -b .scp
+%patch37 -p1 -b .sftp-force-mode
-%patch41 -p1 -b .config
+%patch38 -p1 -b .s390-dev
-%patch30 -p1 -b .GSSAPIEnablek5users
+%patch39 -p1 -b .x11max
-%patch42 -p1 -b .sshdt
+%patch40 -p1 -b .systemd
-%patch43 -p1 -b .sftp-force-mode
+%patch41 -p1 -b .refactor
-%patch44 -p1 -b .root-login
+%patch42 -p1 -b .sandbox
-%patch45 -p1 -b .gsskexalg
+%patch43 -p1 -b .pkcs11-uri
-%patch46 -p1 -b .s390-dev
+%patch44 -p1 -b .scp-ipv6
-%patch47 -p1 -b .x11max
+%patch45 -p1 -b .ssh-copy-id
-%patch48 -p1 -b .systemd
+%patch46 -p1 -b .crypto-policies
-%patch34 -p1 -b .gsskex-ec
+%patch47 -p1 -b .openssl-evp
-%patch49 -p1 -b .refactor
+%patch48 -p1 -b .openssl-kdf
-%patch50 -p1 -b .sandbox
+%patch49 -p1 -b .visibility
-%patch51 -p1 -b .pkcs11-uri
+%patch1 -p1 -b .audit
-%patch52 -p1 -b .pkcs11-ecdsa
+%patch2 -p1 -b .audit-race
-%patch53 -p1 -b .scp-ipv6
+%patch18 -p1 -b .fips
 %patch2 -p1 -b .audit
 %patch3 -p1 -b .audit-race
 %patch19 -p1 -b .fips
 %patch0 -p1 -b .coverity
-%patch1 -p1 -b .openssl
+
 %patch50 -p1
 %patch51 -p1
 %patch52 -p1
 %patch53 -p1
 %patch54 -p1
 %patch55 -p1
 %patch56 -p1
 %patch57 -p1
 %patch58 -p1
 %patch59 -p1
 %patch60 -p1
 %patch61 -p1
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
 %patch65 -p1
 %patch66 -p1
 %patch67 -p1
 %patch68 -p1
 %patch69 -p1
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
 %patch73 -p1
 %patch74 -p1
 %patch75 -p1
 %patch76 -p1
 %patch77 -p1
 %patch78 -p1
 %patch79 -p1
 %patch80 -p1
 %patch81 -p1
 %patch82 -p1
 %patch83 -p1
 %patch85 -p1
 %patch86 -p1
 %patch87 -p1
 %patch88 -p1
 %patch89 -p1
 %patch90 -p1
 %patch84 -p1
 %patch91 -p1
 %patch92 -p1
 %patch93 -p1
 %patch94 -p1
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@ -286,6 +258,7 @@ popd
 %build
 CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
 CFLAGS="$CFLAGS -Os"
 %ifarch s390 s390x sparc sparcv9 sparc64
 CFLAGS="$CFLAGS -fPIC"
 %else
@ -298,51 +271,51 @@ export CFLAGS
 export LDFLAGS
 if test -r /etc/profile.d/krb5-devel.sh ; then
-	source /etc/profile.d/krb5-devel.sh
+    source /etc/profile.d/krb5-devel.sh
 fi
 krb5_prefix=`krb5-config --prefix`
 if test "$krb5_prefix" != "%{_prefix}" ; then
-	CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
+    CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
-	CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
+    CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
-	LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
+    LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
 else
-	krb5_prefix=
+    krb5_prefix=
-	CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
+    CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
-	CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
+    CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
 fi
 %configure \
-	--sysconfdir=%{_sysconfdir}/ssh --libexecdir=%{_libexecdir}/openssh \
+    --sysconfdir=%{_sysconfdir}/ssh --libexecdir=%{_libexecdir}/openssh \
-	--datadir=%{_datadir}/openssh --with-default-path=/usr/local/bin:/usr/bin \
+    --datadir=%{_datadir}/openssh --with-default-path=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin \
-	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
+    --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
-	--with-privsep-path=%{_var}/empty/sshd -disable-strip \
+    --with-privsep-path=%{_var}/empty/sshd --disable-strip \
-	--enable-vendor-patchlevel="FC-7.8p1-3" \
+    --without-zlib-version-check --with-ssl-engine --with-ipaddr-display \
-	--without-zlib-version-check --with-ssl-engine --with-ipaddr-display \
+    --with-pie=no --without-hardening --with-systemd --with-default-pkcs11-provider=yes \
-	--with-pie=no --without-hardening --with-systemd --with-default-pkcs11-provider=yes \
+    --with-ldap --with-pam --with-selinux --with-audit=linux \
 	--with-ldap --with-pam --with-selinux --with-audit=linux \
 %ifnarch riscv64	
-	 --with-sandbox=seccomp_filter \
+     --with-sandbox=seccomp_filter \
 %endif
-	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} --with-libedit
+    --with-kerberos5${krb5_prefix:+=${krb5_prefix}} --with-libedit
 make
 gtk2=yes
 pushd contrib
 if [ $gtk2 = yes ] ; then
-	CFLAGS="$CFLAGS %{?__global_ldflags}" \
+    CFLAGS="$CFLAGS %{?__global_ldflags}" \
-	    make gnome-ssh-askpass2
+        make gnome-ssh-askpass2
-	mv gnome-ssh-askpass2 gnome-ssh-askpass
+    mv gnome-ssh-askpass2 gnome-ssh-askpass
 else
-	CFLAGS="$CFLAGS %{?__global_ldflags}"
+    CFLAGS="$CFLAGS %{?__global_ldflags}"
-	    make gnome-ssh-askpass1
+        make gnome-ssh-askpass1
-	mv gnome-ssh-askpass1 gnome-ssh-askpass
+    mv gnome-ssh-askpass1 gnome-ssh-askpass
 fi
 popd
 pushd pam_ssh_agent_auth-0.10.3
 LDFLAGS="$SAVE_LDFLAGS"
-%configure --with-selinux --libexecdir=/%{_libdir}/security --with-mantype=man
+%configure --with-selinux --libexecdir=/%{_libdir}/security --with-mantype=man \
    --without-openssl-header-check
 make
 popd
@ -367,10 +340,10 @@ mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
-mkdir -p $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/pam.d/
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig/
+install -d $RPM_BUILD_ROOT/etc/sysconfig/
-mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/openssh
+install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
-mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
+install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
 install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
 install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
 install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
@ -400,60 +373,85 @@ popd
 %pre
 getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
 %pre server
 getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
 getent passwd sshd >/dev/null || \
  useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
  -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
-%post 
+%post server
 %systemd_post sshd.service sshd.socket
-%preun 
+%preun server
 %systemd_preun sshd.service sshd.socket
-%postun 
+%postun server
 %systemd_postun_with_restart sshd.service
 %files
 %defattr(-,root,root)
 %doc CREDITS INSTALL README.platform
 %license LICENCE
-%dir %attr(0711,root,root) %{_var}/empty/sshd
+%doc CREDITS README.platform
 %attr(0644,root,root) %{_tmpfilesdir}/openssh.conf
 %attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh*        
 %attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
+%attr(0755,root,root) %{_bindir}/ssh-keygen
 %dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d/
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/05-redhat.conf
 %attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
 %attr(0755,root,root) %{_sbindir}/sshd
 %attr(0755,root,root) %{_bindir}/ssh*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0755,root,root) %{_bindir}/sftp
 %attr(0644,root,root) %{_libdir}/fipscheck/ssh*.hmac
 %attr(0755,root,root) %dir %{_libexecdir}/openssh
 %attr(2555,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
-%attr(0755,root,root) %{_libexecdir}/openssh/ctr-cavstest
+
-%attr(0755,root,root) %{_libexecdir}/openssh/ssh-cavs*
+%files clients
 %attr(0755,root,root) %{_bindir}/ssh
 %attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/05-redhat.conf
 %attr(0755,root,root) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
 %attr(0755,root,root) %{_bindir}/ssh-keyscan
 %attr(0755,root,root) %{_bindir}/sftp
 %attr(0755,root,root) %{_bindir}/ssh-copy-id
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
-%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-*
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
-%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
+
-%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
+%files server
 %dir %attr(0711,root,root) %{_var}/empty/sshd
 %attr(0755,root,root) %{_sbindir}/sshd
 %attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
 %attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
 %attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
 %attr(0644,root,root) %{_unitdir}/sshd.service
 %attr(0644,root,root) %{_unitdir}/sshd@.service
 %attr(0644,root,root) %{_unitdir}/sshd.socket
 %attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
 %attr(0644,root,root) %{_unitdir}/sshd-keygen.target
 %attr(0644,root,root) %{_tmpfilesdir}/openssh.conf
 %files ldap
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-helper
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-wrapper
 %files keycat
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
 %attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
 %files askpass
 %attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
 %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
-%attr(0644,root,root) %{_unitdir}/sshd*
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
 %files cavs
 %attr(0755,root,root) %{_libexecdir}/openssh/ctr-cavstest
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-cavs
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-cavs_driver.pl
 %files -n pam_ssh_agent_auth
 %defattr(-,root,root)
 %license pam_ssh_agent_auth-0.10.3/OPENSSH_LICENSE
 %attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so
 %attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
 %files help
 %defattr(-,root,root)
 %doc ChangeLog OVERVIEW PROTOCOL* README README.privsep README.tun README.dns TODO openssh-lpk-openldap.schema
 %doc openssh-lpk-sun.schema ldap.conf openssh-lpk-openldap.ldif openssh-lpk-sun.ldif HOWTO.ssh-keycat HOWTO.ldap-keys
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
@ -466,14 +464,65 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %changelog
-* Fri Jul 03 2020 zhouyihang <zhouyihang3@huawei.com> - 7.8P1-9
+* Thu Jul 2 2020 zhouyihang<zhouyihang3@huawei.com> - 8.2P1-5
 - Type:cves
 - ID:CVE-2020-12062
 - SUG:NA
 - DESC:Fix CVE-2020-12062
-* Wed Mar 18 2020 songnannan <songnannan2@huawei.com> - 7.8P1-8
+* Tue Jun 9 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-4
- bugfix CVE-2018-15919
+- Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:add requires for openssh-server in openssh
 * Wed May 6 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-3
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:fix update problem
 * Sat Apr 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-2
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:fix pre problem
 * Thu Apr 16 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-1
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:update to 8.2P1
 * Mon Mar 30 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-12
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:move sshd.service in %post server
 * Wed Mar 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-11
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:reduction of authority
 * Fri Mar 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-10
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:separate package
 * Thu Mar 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-9
 - Type:cves
 - ID:CVE-2018-15919
 - SUG:NA
 - DESC:Fix CVE-2018-15919
 * Thu Mar 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-8
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:debug3 to verbose in command line
 * Tue Jan 21 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-7
 - Type:bugfix
--- a/pam_ssh_agent_auth-0.10.2-compat.patch
+++ b/pam_ssh_agent_auth-0.10.2-compat.patch
@ -1,6 +1,6 @@
 diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c
 --- openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c	2018-08-24 10:22:56.281930322 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c	2020-02-07 10:43:05.011757956 +0100
@@ -27,6 +27,7 @@
  * or implied, of Jamie Beverly.
  */
@ -34,7 +34,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openss
 diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/identity.h
 --- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/identity.h	2018-08-24 10:18:05.009393312 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/identity.h	2020-02-07 10:43:05.011757956 +0100
@@ -30,8 +30,8 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
@ -56,8 +56,8 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat openssh/pam_ss
     int tried;
     int isprivate;      /* key points to the private key */
 diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat	2018-08-24 10:18:05.007393297 +0200
+--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat	2020-02-07 10:43:05.009757925 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2018-08-24 10:18:32.937612513 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2020-02-07 10:43:05.012757972 +0100
@@ -36,8 +36,8 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
@ -119,7 +119,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
                                 const char * ruser, const char * servicename)
 {
     u_char *cookie = NULL;
-@@ -114,22 +116,23 @@ pamsshagentauth_session_id2_gen(Buffer *
+@@ -114,22 +120,23 @@ pamsshagentauth_session_id2_gen(Buffer *
     char ** reported_argv = NULL;
     size_t count = 0;
     char * action_logbuf = NULL;
@ -147,13 +147,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
         }
         cookie[i] = (u_char) rnd;
         rnd >>= 8;
-@@ -139,12 +141,13 @@ pamsshagentauth_session_id2_gen(Buffer *
+@@ -144,7 +151,8 @@ pamsshagentauth_session_id2_gen(Buffer *
     if (count > 0) { 
         free_logbuf = 1;
         action_logbuf = log_action(reported_argv, count);
 -        agent_action(&action_agentbuf, reported_argv, count);
 +        agent_action(&action_agentbuf, reported_argv, count);
         pamsshagentauth_free_command_line(reported_argv, count);
     }
     else {
         action_logbuf = "unknown on this platform";
@ -163,7 +157,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
     }
     /*
-@@ -161,35 +163,39 @@ pamsshagentauth_session_id2_gen(Buffer *
+@@ -161,35 +169,39 @@ pamsshagentauth_session_id2_gen(Buffer *
     retc = getcwd(pwd, sizeof(pwd) - 1);
     time(&ts);
@ -207,6 +201,14 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
 -        pamsshagentauth_buffer_free(&action_agentbuf);
 +        free(action_logbuf);
 +        sshbuf_free(action_agentbuf);
 +    }
 +    /* debug3("hostname: %s", hostname); */
 +    if (reti >= 0) {
 +        if ((r = sshbuf_put_cstring(*session_id2, hostname)) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    } else {
 +        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
     }
 -    /* pamsshagentauth_debug3("hostname: %s", hostname); */
 -    if(reti >= 0)
@ -215,21 +217,13 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
 -        pamsshagentauth_buffer_put_cstring(session_id2, "");
 -    /* pamsshagentauth_debug3("ts: %ld", ts); */
 -    pamsshagentauth_buffer_put_int64(session_id2, (uint64_t) ts);
 +    /* debug3("hostname: %s", hostname); */
 +    if (reti >= 0) {
 +        if ((r = sshbuf_put_cstring(*session_id2, hostname)) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    } else {
 +        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    }
 +    /* debug3("ts: %ld", ts); */
 +    if ((r = sshbuf_put_u64(*session_id2, (uint64_t) ts)) != 0)
 +        fatal("%s: buffer error: %s", __func__, ssh_err(r));
     free(cookie);
     return;
-@@ -278,7 +280,8 @@ ssh_get_authentication_connection_for_ui
+@@ -278,7 +290,8 @@ ssh_get_authentication_connection_for_ui
 	auth = xmalloc(sizeof(*auth));
 	auth->fd = sock;
@ -239,7 +233,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
 	auth->howmany = 0;
 	return auth;
-@@ -287,43 +289,42 @@ ssh_get_authentication_connection_for_ui
+@@ -287,9 +300,9 @@ ssh_get_authentication_connection_for_ui
 int
 pamsshagentauth_find_authorized_keys(const char * user, const char * ruser, const char * servicename)
 {
@ -251,11 +245,8 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
     AuthenticationConnection *ac;
     char *comment;
     uint8_t retval = 0;
-     uid_t uid = getpwnam(ruser)->pw_uid;
+@@ -299,31 +312,30 @@ pamsshagentauth_find_authorized_keys(con
- 
+     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
     OpenSSL_add_all_digests();
 -    pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
 +    pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
 -        pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
@ -295,8 +286,8 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
     return retval;
 }
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c
--- openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat	2018-08-24 10:18:05.008393305 +0200
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat	2020-02-07 10:43:05.010757940 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c	2018-08-24 10:18:05.009393312 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c	2020-02-07 10:43:05.012757972 +0100
@@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
  * a patch 8-)
  */
@ -386,7 +377,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open
 cleanexit:
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c	2018-08-24 10:18:05.009393312 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c	2020-02-07 10:43:05.012757972 +0100
@@ -66,8 +66,8 @@
 #include "xmalloc.h"
 #include "match.h"
@ -453,7 +444,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compa
         pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h	2018-08-24 10:18:05.010393320 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h	2020-02-07 10:43:05.012757972 +0100
@@ -32,7 +32,7 @@
 #define _PAM_USER_KEY_ALLOWED_H
@ -465,7 +456,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compa
 #endif
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2018-08-24 10:18:05.010393320 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2020-02-07 10:43:05.012757972 +0100
@@ -45,44 +45,46 @@
 #include "xmalloc.h"
 #include "ssh.h"
@ -742,7 +733,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat o
 }
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h	2018-08-24 10:18:05.010393320 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h	2020-02-07 10:43:05.012757972 +0100
@@ -32,7 +32,7 @@
 #define _PAM_USER_KEY_ALLOWED_H
@ -755,7 +746,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat o
 #endif
 diff -up openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c
 --- openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c	2018-08-24 10:18:05.010393320 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c	2020-02-07 10:43:05.012757972 +0100
@@ -53,8 +53,8 @@
 #include "xmalloc.h"
 #include "match.h"
@ -799,7 +790,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh
 		}
 diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
 --- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2018-08-24 10:22:13.202657025 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2020-02-07 10:43:23.520048960 +0100
@@ -37,10 +37,11 @@
 #include "xmalloc.h"
 #include "ssh.h"
@ -814,7 +805,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat
 #include "pathnames.h"
 #include "misc.h"
 #include "secure_filename.h"
-@@ -48,54 +48,59 @@
+@@ -48,54 +49,59 @@
 #include "identity.h"
 #include "pam_user_authorized_keys.h"
@ -833,8 +824,8 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat
     char           *pkalg = NULL;
     u_char         *pkblob = NULL, *sig = NULL;
 -    u_int           blen = 0, slen = 0;
 +    size_t          blen = 0, slen = 0;
 -    int             authenticated = 0;
 +    size_t          blen = 0, slen = 0;
 +    int             r, authenticated = 0;
 -    pkalg = (char *) key_ssh_name(id->key);
@ -879,7 +870,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat
     /* test for correct signature */
 -    if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1)
-+    if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) == 0)
+    if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)
         authenticated = 1;
   user_auth_clean_exit:
@ -898,7 +889,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat
 }
 diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h
 --- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h	2018-08-24 10:18:05.010393320 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h	2020-02-07 10:43:05.013757988 +0100
@@ -31,7 +31,7 @@
 #ifndef _USERAUTH_PUBKEY_FROM_ID_H
 #define _USERAUTH_PUBKEY_FROM_ID_H
@ -911,7 +902,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat
 #endif
 diff -up openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/uuencode.c
 --- openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh/pam_ssh_agent_auth-0.10.3/uuencode.c	2018-08-24 10:18:05.010393320 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/uuencode.c	2020-02-07 10:43:05.013757988 +0100
@@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src
 	/* and remove trailing whitespace because __b64_pton needs this */
 	*p = '\0';
--- a/pam_ssh_agent_auth-0.9.3-build.patch
+++ b/pam_ssh_agent_auth-0.9.3-build.patch
@ -159,15 +159,17 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh-
 LIBS=@LIBS@
 AR=@AR@
 AWK=@AWK@
-@@ -61,7 +61,7 @@ INSTALL=@INSTALL@
+@@ -61,8 +61,8 @@ INSTALL=@INSTALL@
 PERL=@PERL@
 SED=@SED@
 ENT=@ENT@
 -LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
 -LDFLAGS_SHARED = @LDFLAGS_SHARED@
 +LDFLAGS=-L.. -L../openbsd-compat/ @LDFLAGS@
- LDFLAGS_SHARED = @LDFLAGS_SHARED@
+LDFLAGS_SHARED =-Wl,-z,defs @LDFLAGS_SHARED@
 EXEEXT=@EXEEXT@
 INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
@@ -74,7 +74,7 @@ SSHOBJS=xmalloc.o atomicio.o authfd.o bu
 ED25519OBJS=ed25519-donna/ed25519.o
@ -189,8 +191,8 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh-
 -pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o
 -	$(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam
-+pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o ../uidswap.o
+pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o ../uidswap.o ../ssh-sk-client.o
-+	$(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o ../uidswap.o $(LIBS) -lpam
+	$(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) ../ssh-sk-client.o $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o ../uidswap.o $(LIBS) -lpam
 $(MANPAGES): $(MANPAGES_IN)
 	pod2man --section=8 --release=v0.10.3 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
--- a/set-sshd-config.patch
+++ b/set-sshd-config.patch
@ -0,0 +1,104 @@
 From 8f2d1c4f30dd88e36ed4c9b5771c92c878378125 Mon Sep 17 00:00:00 2001
 From: m00525086 <majun65@huawei.com>
 Date: Thu, 16 Apr 2020 19:25:27 +0800
 Subject: [PATCH] sshd_config
 ---
 sshd_config | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)
 diff --git a/sshd_config b/sshd_config
 index b121450..e8e6299 100644
 --- a/sshd_config
 +++ b/sshd_config
@@ -19,21 +19,22 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 -#HostKey /etc/ssh/ssh_host_rsa_key
 -#HostKey /etc/ssh/ssh_host_ecdsa_key
 -#HostKey /etc/ssh/ssh_host_ed25519_key
 +HostKey /etc/ssh/ssh_host_rsa_key
 +HostKey /etc/ssh/ssh_host_ecdsa_key
 +HostKey /etc/ssh/ssh_host_ed25519_key
 # Ciphers and keying
 #RekeyLimit default none
 # Logging
 #SyslogFacility AUTH
 +SyslogFacility AUTHPRIV
 #LogLevel INFO
 # Authentication:
 #LoginGraceTime 2m
 -#PermitRootLogin prohibit-password
 +PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
@@ -60,9 +61,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 +PasswordAuthentication yes
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
 +ChallengeResponseAuthentication no
 # Kerberos options
 #KerberosAuthentication no
@@ -72,8 +75,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #KerberosUseKuserok yes
 # GSSAPI options
 -#GSSAPIAuthentication no
 -#GSSAPICleanupCredentials yes
 +GSSAPIAuthentication yes
 +GSSAPICleanupCredentials no
 #GSSAPIStrictAcceptorCheck yes
 #GSSAPIKeyExchange no
 #GSSAPIEnablek5users no
@@ -89,16 +92,16 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # and ChallengeResponseAuthentication to 'no'.
 # WARNING: 'UsePAM no' is not supported in openEuler and may cause several
 # problems.
 -#UsePAM no
 +UsePAM yes
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 -#X11Forwarding no
 +X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
 -#PrintMotd yes
 +PrintMotd no
 #PrintLastLog yes
 #TCPKeepAlive yes
 #PermitUserEnvironment no
@@ -115,6 +118,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # no default banner path
 #Banner none
 +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
 +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 +AcceptEnv XMODIFIERS
 +
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
@@ -129,4 +137,4 @@ Subsystem	sftp	/usr/libexec/sftp-server
 # To modify the system-wide ssh configuration, create a  *.conf  file under
 #  /etc/ssh/sshd_config.d/  which will be automatically included below
 -Include /etc/ssh/sshd_config.d/*.conf
 +#Include /etc/ssh/sshd_config.d/*.conf
 -- 
 2.19.1
--- a/4
+++ b/4
@ -31,8 +31,8 @@ fi
 # sanitize permissions
 /usr/bin/chgrp ssh_keys $KEY
-/usr/bin/chmod 640 $KEY
+/usr/bin/chmod 400 $KEY
-/usr/bin/chmod 644 $KEY.pub
+/usr/bin/chmod 400 $KEY.pub
 if [[ -x /usr/sbin/restorecon ]]; then
 	/usr/sbin/restorecon $KEY{,.pub}
 fi
--- a/sshd.service
+++ b/sshd.service
@ -7,8 +7,9 @@ Wants=sshd-keygen.target
 [Service]
 Type=notify
 EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
 EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
 EnvironmentFile=-/etc/sysconfig/sshd
-ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY
+ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
--- a/sshd.sysconfig
+++ b/sshd.sysconfig
@ -8,4 +8,4 @@
 # System-wide crypto policy:
 # To opt-out, uncomment the following line
-CRYPTO_POLICY=
+# CRYPTO_POLICY=
--- a/sshd@.service
+++ b/sshd@.service
@ -6,6 +6,7 @@ After=sshd-keygen.target
 [Service]
 EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
 EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
 EnvironmentFile=-/etc/sysconfig/sshd
-ExecStart=-/usr/sbin/sshd -i $OPTIONS $CRYPTO_POLICY
+ExecStart=-/usr/sbin/sshd -i $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
 StandardInput=socket
--- a/upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p.patch
+++ b/upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p.patch
@ -1,53 +0,0 @@
 From 7f9fc6a467c030ab36fba3a99377ed4330545a1d Mon Sep 17 00:00:00 2001
 From: guoxiaoqi <guoxiaoqi2@huawei.com>
 Date: Tue, 5 Mar 2019 12:01:44 +0000
 Subject: [PATCH] upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p
 ---
 servconf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 diff --git a/servconf.c b/servconf.c
 index 67a71ba..434f0bc 100644
 --- a/servconf.c
 +++ b/servconf.c
@@ -927,6 +927,7 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
 	/* Otherwise treat it as a list of permitted host:port */
 	for (i = 0; i < num_opens; i++) {
 		oarg = arg = xstrdup(opens[i]);
 +		ch = '\0';
 		host = hpdelim2(&arg, &ch);
 		if (host == NULL || ch == '/')
 			fatal("%s: missing host in %s", __func__, what);
@@ -1246,7 +1247,7 @@ process_server_config_line(ServerOptions *options, char *line,
     const char *filename, int linenum, int *activep,
     struct connection_info *connectinfo)
 {
 -	char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
 +	char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
 	int cmdline = 0, *intptr, value, value2, n, port;
 	SyslogFacility *log_facility_ptr;
 	LogLevel *log_level_ptr;
@@ -1349,8 +1350,8 @@ process_server_config_line(ServerOptions *options, char *line,
 			port = 0;
 			p = arg;
 		} else {
 -			char ch;
 			arg2 = NULL;
 +			ch = '\0';
 			p = hpdelim2(&arg, &ch);
 			if (p == NULL || ch == '/')
 				fatal("%s line %d: bad address:port usage",
@@ -2014,8 +2015,8 @@ process_server_config_line(ServerOptions *options, char *line,
 				 */
 				xasprintf(&arg2, "*:%s", arg);
 			} else {
 -				char ch;
 				arg2 = xstrdup(arg);
 +				ch = '\0';
 				p = hpdelim2(&arg, &ch);
 				if (p == NULL || ch == '/') {
 					fatal("%s line %d: missing host in %s",
 -- 
 1.8.3.1
--- a/upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch
+++ b/upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch
@ -1,75 +0,0 @@
 From a36b0b14a12971086034d53c0c3dfbad07665abe Mon Sep 17 00:00:00 2001
 From: "tb@openbsd.org" <tb@openbsd.org>
 Date: Sun, 20 Jan 2019 02:01:59 +0000
 Subject: [PATCH 185/294] upstream: Fix BN_is_prime_* calls in SSH, the API
 returns -1 on
 error.
 Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
 by David Benjamin.
 ok djm, dtucker
 OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
 ---
 moduli.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
 diff --git a/moduli.c b/moduli.c
 index 233cba8..48150da 100644
 --- a/moduli.c
 +++ b/moduli.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */
 +/* $OpenBSD: moduli.c,v 1.33 2019/01/20 02:01:59 tb Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -582,7 +582,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 	u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
 	unsigned long last_processed = 0, end_lineno;
 	time_t time_start, time_stop;
 -	int res;
 +	int res, is_prime;
 	if (trials < TRIAL_MINIMUM) {
 		error("Minimum primality trials is %d", TRIAL_MINIMUM);
@@ -753,7 +753,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 		 * that p is also prime. A single pass will weed out the
 		 * vast majority of composite q's.
 		 */
 -		if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {
 +		is_prime = BN_is_prime_ex(q, 1, ctx, NULL);
 +		if (is_prime < 0)
 +			fatal("BN_is_prime_ex failed");
 +		if (is_prime == 0) {
 			debug("%10u: q failed first possible prime test",
 			    count_in);
 			continue;
@@ -766,14 +769,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 		 * will show up on the first Rabin-Miller iteration so it
 		 * doesn't hurt to specify a high iteration count.
 		 */
 -		if (!BN_is_prime_ex(p, trials, ctx, NULL)) {
 +		is_prime = BN_is_prime_ex(p, trials, ctx, NULL);
 +		if (is_prime < 0)
 +			fatal("BN_is_prime_ex failed");
 +		if (is_prime == 0) {
 			debug("%10u: p is not prime", count_in);
 			continue;
 		}
 		debug("%10u: p is almost certainly prime", count_in);
 		/* recheck q more rigorously */
 -		if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {
 +		is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL);
 +		if (is_prime < 0)
 +			fatal("BN_is_prime_ex failed");
 +		if (is_prime == 0) {
 			debug("%10u: q is not prime", count_in);
 			continue;
 		}
 -- 
 1.8.3.1
--- a/upstream-When-choosing-a-prime-from-the-moduli-file-.patch
+++ b/upstream-When-choosing-a-prime-from-the-moduli-file-.patch
@ -1,62 +0,0 @@
 From 5e532320e9e51de720d5f3cc2596e95d29f6e98f Mon Sep 17 00:00:00 2001
 From: "millert@openbsd.org" <millert@openbsd.org>
 Date: Mon, 17 Sep 2018 15:40:14 +0000
 Subject: [PATCH 037/294] upstream: When choosing a prime from the moduli file,
 avoid
 re-using the linenum variable for something that is not a line number to
 avoid the confusion that resulted in the bug in rev. 1.64.  This also lets us
 pass the actual linenum to parse_prime() so the error messages include the
 correct line number.  OK markus@ some time ago.
 OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
 ---
 dh.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
 diff --git a/dh.c b/dh.c
 index f3ed388..657b32d 100644
 --- a/dh.c
 +++ b/dh.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: dh.c,v 1.66 2018/08/04 00:55:06 djm Exp $ */
 +/* $OpenBSD: dh.c,v 1.68 2018/09/17 15:40:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -188,15 +188,17 @@ choose_dh(int min, int wantbits, int max)
 		logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
 		return (dh_new_group_fallback(max));
 	}
 +	which = arc4random_uniform(bestcount);
 	linenum = 0;
 -	which = arc4random_uniform(bestcount);
 +	bestcount = 0;
 	while (getline(&line, &linesize, f) != -1) {
 +		linenum++;
 		if (!parse_prime(linenum, line, &dhg))
 			continue;
 		if ((dhg.size > max || dhg.size < min) ||
 		    dhg.size != best ||
 -		    linenum++ != which) {
 +		    bestcount++ != which) {
 			BN_clear_free(dhg.g);
 			BN_clear_free(dhg.p);
 			continue;
@@ -206,9 +208,9 @@ choose_dh(int min, int wantbits, int max)
 	free(line);
 	line = NULL;
 	fclose(f);
 -	if (linenum != which+1) {
 -		logit("WARNING: line %d disappeared in %s, giving up",
 -		    which, _PATH_DH_MODULI);
 +	if (bestcount != which + 1) {
 +		logit("WARNING: selected prime disappeared in %s, giving up",
 +		    _PATH_DH_MODULI);
 		return (dh_new_group_fallback(max));
 	}
 -- 
 1.8.3.1
--- a/upstream-correct-local-variable-name-from-yawang-AT-.patch
+++ b/upstream-correct-local-variable-name-from-yawang-AT-.patch
@ -1,42 +0,0 @@
 From 81f1620c836e6c79c0823ba44acca605226a80f1 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 9 Nov 2018 02:56:22 +0000
 Subject: [PATCH 106/294] upstream: correct local variable name; from yawang AT
 microsoft.com
 OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
 ---
 dh.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/dh.c b/dh.c
 index 657b32d..a98d39e 100644
 --- a/dh.c
 +++ b/dh.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: dh.c,v 1.68 2018/09/17 15:40:14 millert Exp $ */
 +/* $OpenBSD: dh.c,v 1.69 2018/11/09 02:56:22 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -406,7 +406,7 @@ dh_new_group16(void)
 DH *
 dh_new_group18(void)
 {
 -	static char *gen = "2", *group16 =
 +	static char *gen = "2", *group18 =
 	    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
 	    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
 	    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
@@ -451,7 +451,7 @@ dh_new_group18(void)
 	    "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
 	    "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
 -	return (dh_new_group_asc(gen, group16));
 +	return (dh_new_group_asc(gen, group18));
 }
 /* Select fallback group used by DH-GEX if moduli file cannot be read. */
 -- 
 1.8.3.1
--- a/upstream-disallow-empty-incoming-filename-or-ones-th.patch
+++ b/upstream-disallow-empty-incoming-filename-or-ones-th.patch
@ -1,36 +0,0 @@
 From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 16 Nov 2018 03:03:10 +0000
 Subject: [PATCH 112/294] upstream: disallow empty incoming filename or ones
 that refer to the
 current directory; based on report/patch from Harry Sintonen
 OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
 ---
 scp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 diff --git a/scp.c b/scp.c
 index 60682c6..4f3fdcd 100644
 --- a/scp.c
 +++ b/scp.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
 +/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
 			SCREWUP("size out of range");
 		size = (off_t)ull;
 -		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
 +		if (*cp == '\0' || strchr(cp, '/') != NULL ||
 +		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
 			run_err("error: unexpected filename: %s", cp);
 			exit(1);
 		}
 -- 
 1.8.3.1
--- a/upstream-don-t-attempt-to-connect-to-empty-SSH_AUTH_.patch
+++ b/upstream-don-t-attempt-to-connect-to-empty-SSH_AUTH_.patch
@ -1,33 +0,0 @@
 From 87d6cf1cbc91df6815db8fe0acc7c910bc3d18e4 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 30 Nov 2018 02:24:52 +0000
 Subject: [PATCH 135/294] upstream: don't attempt to connect to empty
 SSH_AUTH_SOCK; bz#293
 OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
 ---
 authfd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/authfd.c b/authfd.c
 index ecdd869..cc9c650 100644
 --- a/authfd.c
 +++ b/authfd.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */
 +/* $OpenBSD: authfd.c,v 1.112 2018/11/30 02:24:52 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -94,7 +94,7 @@ ssh_get_authentication_socket(int *fdp)
 		*fdp = -1;
 	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
 -	if (!authsocket)
 +	if (authsocket == NULL || *authsocket == '\0')
 		return SSH_ERR_AGENT_NOT_PRESENT;
 	memset(&sunaddr, 0, sizeof(sunaddr));
 -- 
 1.8.3.1
--- a/upstream-don-t-truncate-user-or-host-name-in-user-ho.patch
+++ b/upstream-don-t-truncate-user-or-host-name-in-user-ho.patch
@ -1,48 +0,0 @@
 From 91b19198c3f604f5eef2c56dbe36f29478243141 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Wed, 28 Nov 2018 06:00:38 +0000
 Subject: [PATCH 134/294] upstream: don't truncate user or host name in
 "user@host's
 OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
 ---
 sshconnect2.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
 diff --git a/sshconnect2.c b/sshconnect2.c
 index 200e07d..6186ca7 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
@@ -1193,8 +1193,7 @@ userauth_passwd(Authctxt *authctxt)
 {
 	struct ssh *ssh = active_state; /* XXX */
 	static int attempt = 0;
 -	char prompt[256];
 -	char *password;
 +	char *password, *prompt = NULL;
 	const char *host = options.host_key_alias ?  options.host_key_alias :
 	    authctxt->host;
 	int r;
@@ -1205,8 +1204,7 @@ userauth_passwd(Authctxt *authctxt)
 	if (attempt != 1)
 		error("Permission denied, please try again.");
 -	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
 -	    authctxt->server_user, host);
 +	xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
 	password = read_passphrase(prompt, 0);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
@@ -1218,7 +1216,8 @@ userauth_passwd(Authctxt *authctxt)
 	    (r = sshpkt_send(ssh)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
 -	if (password)
 +	free(prompt);
 +	if (password != NULL)
 		freezero(password, strlen(password));
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
 -- 
 1.8.3.1
--- a/upstream-fix-bug-in-HostbasedAcceptedKeyTypes-and.patch
+++ b/upstream-fix-bug-in-HostbasedAcceptedKeyTypes-and.patch
@ -1,80 +0,0 @@
 From e76135e3007f1564427b2956c628923d8dc2f75a Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 16 Nov 2018 02:43:56 +0000
 Subject: [PATCH 110/294] upstream: fix bug in HostbasedAcceptedKeyTypes and
 PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were
 specified, then authentication would always fail for RSA keys as the monitor
 checks only the base key (not the signature algorithm) type against
 *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
 OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
 ---
 monitor.c | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)
 diff --git a/monitor.c b/monitor.c
 index f56ea85..553e4aa 100644
 --- a/monitor.c
 +++ b/monitor.c
@@ -912,6 +912,35 @@ mm_answer_authrole(int sock, struct sshbuf *m)
 }
 #endif
 +/*
 + * Check that the key type appears in the supplied pattern list, ignoring
 + * mismatches in the signature algorithm. (Signature algorithm checks are
 + * performed in the unprivileged authentication code).
 + * Returns 1 on success, 0 otherwise.
 + */
 +static int
 +key_base_type_match(const char *method, const struct sshkey *key,
 +    const char *list)
 +{
 +       char *s, *l, *ol = xstrdup(list);
 +       int found = 0;
 +
 +       l = ol;
 +       for ((s = strsep(&l, ",")); s && *s != '\0'; (s = strsep(&l, ","))) {
 +               if (sshkey_type_from_name(s) == key->type) {
 +                       found = 1;
 +                       break;
 +               }
 +       }
 +       if (!found) {
 +               error("%s key type %s is not in permitted list %s", method,
 +                   sshkey_ssh_name(key), list);
 +       }
 +
 +       free(ol);
 +       return found;
 +}
 +
 int
 mm_answer_authpassword(int sock, struct sshbuf *m)
 {
@@ -1217,8 +1246,8 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
 				break;
 			if (auth2_key_already_used(authctxt, key))
 				break;
 -			if (match_pattern_list(sshkey_ssh_name(key),
 -			    options.pubkey_key_types, 0) != 1)
 +                        if (!key_base_type_match(auth_method, key,
 +                            options.pubkey_key_types))
 				break;
 			allowed = user_key_allowed(ssh, authctxt->pw, key,
 			    pubkey_auth_attempt, &opts);
@@ -1229,8 +1258,8 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
 				break;
 			if (auth2_key_already_used(authctxt, key))
 				break;
 -			if (match_pattern_list(sshkey_ssh_name(key),
 -			    options.hostbased_key_types, 0) != 1)
 +                        if (!key_base_type_match(auth_method, key,
 +                            options.hostbased_key_types))
 				break;
 			allowed = hostbased_key_allowed(authctxt->pw,
 			    cuser, chost, key);
 -- 
 1.8.3.1
--- a/upstream-fix-bug-in-client-that-was-keeping-a-redund.patch
+++ b/upstream-fix-bug-in-client-that-was-keeping-a-redund.patch
@ -1,49 +0,0 @@
 From aaed635e3a401cfcc4cc97f33788179c458901c3 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 16 Nov 2018 02:46:20 +0000
 Subject: [PATCH 111/294] upstream: fix bug in client that was keeping a
 redundant ssh-agent
 socket around for the life of the connection; bz#2912; reported by Simon
 Tatham; ok dtucker@
 OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
 ---
 sshconnect2.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/sshconnect2.c b/sshconnect2.c
 index 1e894e8..ff450e5 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
@@ -583,7 +583,6 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 	/* setup authentication context */
 	memset(&authctxt, 0, sizeof(authctxt));
 -	pubkey_prepare(&authctxt);
 	authctxt.server_user = server_user;
 	authctxt.local_user = local_user;
 	authctxt.host = host;
@@ -596,6 +595,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 	authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
 	authctxt.info_req_seen = 0;
 	authctxt.agent_fd = -1;
 +        pubkey_prepare(&authctxt);
 	if (authctxt.method == NULL)
 		fatal("ssh_userauth2: internal error: cannot send userauth none request");
@@ -1849,8 +1849,10 @@ pubkey_cleanup(Authctxt *authctxt)
 {
 	Identity *id;
 -	if (authctxt->agent_fd != -1)
 +	if (authctxt->agent_fd != -1) {
 		ssh_close_authentication_socket(authctxt->agent_fd);
 +		authctxt->agent_fd = -1;
 +	}
 	for (id = TAILQ_FIRST(&authctxt->keys); id;
 	    id = TAILQ_FIRST(&authctxt->keys)) {
 		TAILQ_REMOVE(&authctxt->keys, id, next);
 -- 
 1.8.3.1
--- a/upstream-fix-build-with-DEBUG_PK-enabled.patch
+++ b/upstream-fix-build-with-DEBUG_PK-enabled.patch
@ -1,34 +0,0 @@
 From 086cc614f550b7d4f100c95e472a6b6b823938ab Mon Sep 17 00:00:00 2001
 From: "mestre@openbsd.org" <mestre@openbsd.org>
 Date: Tue, 28 Aug 2018 12:17:45 +0000
 Subject: [PATCH 005/294] upstream: fix build with DEBUG_PK enabled
 OK dtucker@
 OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c
 ---
 auth2-hostbased.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/auth2-hostbased.c b/auth2-hostbased.c
 index 3593932..73944bc 100644
 --- a/auth2-hostbased.c
 +++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */
 +/* $OpenBSD: auth2-hostbased.c,v 1.37 2018/08/28 12:17:45 mestre Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -79,7 +79,7 @@ userauth_hostbased(struct ssh *ssh)
 	    cuser, chost, pkalg, slen);
 #ifdef DEBUG_PK
 	debug("signature:");
 -	sshbuf_dump_data(sig, siglen, stderr);
 +	sshbuf_dump_data(sig, slen, stderr);
 #endif
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 -- 
 1.8.3.1
--- a/upstream-fix-memory-leak-of-ciphercontext-when-rekey.patch
+++ b/upstream-fix-memory-leak-of-ciphercontext-when-rekey.patch
@ -1,38 +0,0 @@
 From 8a8183474c41bd6cebaa917346b549af2239ba2f Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 4 Jan 2019 03:23:00 +0000
 Subject: [PATCH 148/294] upstream: fix memory leak of ciphercontext when
 rekeying; bz#2942
 Patch from Markus Schmidt; ok markus@
 OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd
 ---
 packet.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/packet.c b/packet.c
 index 89063f2..046e03f 100644
 --- a/packet.c
 +++ b/packet.c
@@ -874,8 +874,6 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 		   (unsigned long long)state->p_send.bytes,
 		   (unsigned long long)state->p_send.blocks);
 		audit_session_key_free(mode);
 -		cipher_free(*ccp);
 -		*ccp = NULL;
 		kex_free_newkeys(state->newkeys[mode]);
 		state->newkeys[mode] = NULL;
 	}
@@ -894,6 +892,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 	}
 	mac->enabled = 1;
 	DBG(debug("cipher_init_context: %d", mode));
 +	cipher_free(*ccp);
 +	*ccp = NULL;
 	if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len,
 	    enc->iv, enc->iv_len, crypt_type)) != 0)
 		return r;
 -- 
 1.8.3.1
--- a/upstream-fix-misplaced-parenthesis-inside-if-clause..patch
+++ b/upstream-fix-misplaced-parenthesis-inside-if-clause..patch
@ -1,38 +0,0 @@
 From db8bb80e3ac1bcb3e1305d846cd98c6b869bf03f Mon Sep 17 00:00:00 2001
 From: "mestre@openbsd.org" <mestre@openbsd.org>
 Date: Tue, 28 Aug 2018 12:25:53 +0000
 Subject: [PATCH 006/294] upstream: fix misplaced parenthesis inside if-clause.
 it's harmless
 and the only issue is showing an unknown error (since it's not defined)
 during fatal(), if it ever an error occurs inside that condition.
 OK deraadt@ markus@ djm@
 OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8
 ---
 auth2-pubkey.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/auth2-pubkey.c b/auth2-pubkey.c
 index 3d9f9af..f9e4e2e 100644
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: auth2-pubkey.c,v 1.84 2018/08/23 03:01:08 djm Exp $ */
 +/* $OpenBSD: auth2-pubkey.c,v 1.85 2018/08/28 12:25:53 mestre Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -177,7 +177,7 @@ userauth_pubkey(struct ssh *ssh)
 		    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
 		    (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
 		    (r = sshbuf_put_u8(b, have_sig)) != 0 ||
 -		    (r = sshbuf_put_cstring(b, pkalg) != 0) ||
 +		    (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
 		    (r = sshbuf_put_string(b, pkblob, blen)) != 0)
 			fatal("%s: build packet failed: %s",
 			    __func__, ssh_err(r));
 -- 
 1.8.3.1
--- a/upstream-fix-ssh-Q-sig-to-show-correct-signature-alg.patch
+++ b/upstream-fix-ssh-Q-sig-to-show-correct-signature-alg.patch
@ -1,29 +0,0 @@
 From aa083aa9624ea7b764d5a81c4c676719a1a3e42b Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Thu, 20 Sep 2018 03:31:49 +0000
 Subject: [PATCH 041/294] upstream: fix "ssh -Q sig" to show correct signature
 algorithm list
 (it was erroneously showing certificate algorithms); prompted by markus@
 OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d
 ---
 ssh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/ssh.c b/ssh.c
 index 1101ab2..34301c3 100644
 --- a/ssh.c
 +++ b/ssh.c
@@ -750,7 +750,7 @@ main(int ac, char **av)
 			else if (strcmp(optarg, "key-cert") == 0)
 				cp = sshkey_alg_list(1, 0, 0, '\n');
 			else if (strcmp(optarg, "key-plain") == 0)
 -				cp = sshkey_alg_list(0, 1, 0, '\n');
 +				cp = sshkey_alg_list(0, 1, 1, '\n');
 			else if (strcmp(optarg, "protocol-version") == 0) {
 				cp = xstrdup("2");
 			}
 -- 
 1.8.3.1
--- a/upstream-fix-sshd-T-without-C.patch
+++ b/upstream-fix-sshd-T-without-C.patch
@ -1,168 +0,0 @@
 From: Darren Tucker
 Date: 2019-04-18 19:42:28 EST
 Subject: [PATCH] ssh-T
 ---
 regress/cfgmatch.sh | 47 +++++++++++++++++++++++++++++++++++++++++++--
 servconf.c          | 14 ++++++++------
 servconf.h          |  2 ++
 sshd.c              |  1 +
 4 files changed, 56 insertions(+), 8 deletions(-)
 diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh
 index dd11e40..37fe6f8 100644
 --- a/regress/cfgmatch.sh
 +++ b/regress/cfgmatch.sh
@@ -51,9 +51,10 @@ echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
 echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
 echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
 -start_sshd
 +${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
 +    fail "config w/match fails config test"
 -#set -x
 +start_sshd
 # Test Match + PermitOpen in sshd_config.  This should be permitted
 trace "match permitopen localhost"
@@ -113,3 +114,45 @@ start_client -F $OBJ/ssh_proxy
 ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \
     fail "nomatch override permitopen"
 stop_client
 +
 +
 +# Test parsing of available Match criteria (with the exception of Group which
 +# requires knowledge of actual group memberships user running the test).
 +params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \
 +    localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1"
 +cp $OBJ/sshd_proxy_bak $OBJ/sshd_config
 +echo 'Banner /nomatch' >>$OBJ/sshd_config
 +for i in $params; do
 +	config=`echo $i | cut -f1 -d:`
 +	criteria=`echo $i | cut -f2 -d:`
 +	value=`echo $i | cut -f3 -d:`
 +	cat >>$OBJ/sshd_config <<EOD
 +	    Match $config $value
 +	      Banner /$value
 +EOD
 +done
 +${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
 +    fail "validate config for w/out spec"
 +
 +# Test matching each criteria.
 +for i in $params; do
 +	testcriteria=`echo $i | cut -f2 -d:`
 +	expected=/`echo $i | cut -f3 -d:`
 +	spec=""
 +	for j in $params; do
 +		config=`echo $j | cut -f1 -d:`
 +		criteria=`echo $j | cut -f2 -d:`
 +		value=`echo $j | cut -f3 -d:`
 +		if [ "$criteria" = "$testcriteria" ]; then
 +			spec="$criteria=$value,$spec"
 +		else
 +			spec="$criteria=1$value,$spec"
 +		fi
 +	done
 +	trace "test spec $spec"
 +	result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
 +	    awk '$1=="banner"{print $2}'`
 +	if [ "$result" != "$expected" ]; then
 +		fail "match $config expected $expected got $result"
 +	fi
 +done
 diff --git a/servconf.c b/servconf.c
 index 434f0bc..9f363c9 100644
 --- a/servconf.c
 +++ b/servconf.c
@@ -1075,7 +1075,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 			return -1;
 		}
 		if (strcasecmp(attrib, "user") == 0) {
 -			if (ci == NULL) {
 +			if (ci == NULL || (ci->test && ci->user == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1087,7 +1087,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 				debug("user %.100s matched 'User %.100s' at "
 				    "line %d", ci->user, arg, line);
 		} else if (strcasecmp(attrib, "group") == 0) {
 -			if (ci == NULL) {
 +			if (ci == NULL || (ci->test && ci->user == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1100,7 +1100,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 				result = 0;
 			}
 		} else if (strcasecmp(attrib, "host") == 0) {
 -			if (ci == NULL) {
 +			if (ci == NULL || (ci->test && ci->host == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1112,7 +1112,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 				debug("connection from %.100s matched 'Host "
 				    "%.100s' at line %d", ci->host, arg, line);
 		} else if (strcasecmp(attrib, "address") == 0) {
 -			if (ci == NULL) {
 +			if (ci == NULL || (ci->test && ci->address == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1131,7 +1131,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 				return -1;
 			}
 		} else if (strcasecmp(attrib, "localaddress") == 0){
 -			if (ci == NULL) {
 +			if (ci == NULL || (ci->test && ci->laddress == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1157,7 +1157,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 				    arg);
 				return -1;
 			}
 -			if (ci == NULL) {
 +			if (ci == NULL || (ci->test && ci->lport == -1)) {
 				result = 0;
 				continue;
 			}
@@ -1175,6 +1175,8 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 				result = 0;
 				continue;
 			}
 +			if (ci->rdomain == NULL)
 +				match_test_missing_fatal("RDomain", "rdomain");
 			if (match_pattern_list(ci->rdomain, arg, 0) != 1)
 				result = 0;
 			else
 diff --git a/servconf.h b/servconf.h
 index fdbae24..381ed25 100644
 --- a/servconf.h
 +++ b/servconf.h
@@ -231,6 +231,8 @@ struct connection_info {
 	const char *laddress;	/* local address */
 	int lport;		/* local port */
 	const char *rdomain;	/* routing domain if available */
 +	int test;		/* test mode, allow some attributes to be
 +				   * unspecified */
 };
 diff --git a/sshd.c b/sshd.c
 index 6d081e4..a00b1af 100644
 --- a/sshd.c
 +++ b/sshd.c
@@ -2001,6 +2001,7 @@ main(int ac, char **av)
 		 */
 		if (connection_info == NULL)
 			connection_info = get_connection_info(0, 0);
 +		connection_info->test = 1;
 		parse_server_match_config(&options, connection_info);
 		dump_config(&options);
 	}
 -- 
 2.19.1
--- a/upstream-make-grandparent-parent-child-sshbuf-chains.patch
+++ b/upstream-make-grandparent-parent-child-sshbuf-chains.patch
@ -1,56 +0,0 @@
 From 15182fd96845a03216d7ac5a2cf31c4e77e406e3 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 16 Nov 2018 06:10:29 +0000
 Subject: [PATCH 115/294] upstream: make grandparent-parent-child sshbuf chains
 robust to
 use-after-free faults if the ancestors are freed before the descendents.
 Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn
 OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2
 ---
 sshbuf.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
 diff --git a/sshbuf.c b/sshbuf.c
 index 20ddf9e..adfddf7 100644
 --- a/sshbuf.c
 +++ b/sshbuf.c
@@ -1,4 +1,4 @@
 -/*	$OpenBSD: sshbuf.c,v 1.12 2018/07/09 21:56:06 markus Exp $	*/
 +/*	$OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -143,12 +143,7 @@ sshbuf_free(struct sshbuf *buf)
 	 */
 	if (sshbuf_check_sanity(buf) != 0)
 		return;
 -	/*
 -	 * If we are a child, the free our parent to decrement its reference
 -	 * count and possibly free it.
 -	 */
 -	sshbuf_free(buf->parent);
 -	buf->parent = NULL;
 +
 	/*
 	 * If we are a parent with still-extant children, then don't free just
 	 * yet. The last child's call to sshbuf_free should decrement our
@@ -157,6 +152,14 @@ sshbuf_free(struct sshbuf *buf)
 	buf->refcount--;
 	if (buf->refcount > 0)
 		return;
 +
 +	/*
 +	 * If we are a child, the free our parent to decrement its reference
 +	 * count and possibly free it.
 +	 */
 +	sshbuf_free(buf->parent);
 +	buf->parent = NULL;
 +
 	if (!buf->readonly) {
 		explicit_bzero(buf->d, buf->alloc);
 		free(buf->d);
 -- 
 1.8.3.1
--- a/upstream-only-consider-the-ext-info-c-extension-duri.patch
+++ b/upstream-only-consider-the-ext-info-c-extension-duri.patch
@ -1,74 +0,0 @@
 From a6a0788cbbe8dfce2819ee43b09c80725742e21c Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 7 Dec 2018 03:39:40 +0000
 Subject: [PATCH 141/294] upstream: only consider the ext-info-c extension
 during the initial
 KEX. It shouldn't be sent in subsequent ones, but if it is present we should
 ignore it.
 This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy
 these clients. Reported by Jakub Jelen via bz2929; ok dtucker@
 OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9
 ---
 kex.c | 6 ++++--
 kex.h | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)
 diff --git a/kex.c b/kex.c
 index 25f9f66..3823a95 100644
 --- a/kex.c
 +++ b/kex.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: kex.c,v 1.141 2018/07/09 13:37:10 sf Exp $ */
 +/* $OpenBSD: kex.c,v 1.142 2018/12/07 03:39:40 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -487,6 +487,7 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
 	if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
 		return r;
 	kex->done = 1;
 +	kex->flags &= ~KEX_INITIAL;
 	sshbuf_reset(kex->peer);
 	/* sshbuf_reset(kex->my); */
 	kex->flags &= ~KEX_INIT_SENT;
@@ -594,6 +595,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)
 	if ((r = kex_prop2buf(kex->my, proposal)) != 0)
 		goto out;
 	kex->done = 0;
 +	kex->flags = KEX_INITIAL;
 	kex_reset_dispatch(ssh);
 	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
 	r = 0;
@@ -839,7 +841,7 @@ kex_choose_conf(struct ssh *ssh)
 	}
 	/* Check whether client supports ext_info_c */
 -	if (kex->server) {
 +	if (kex->server && (kex->flags & KEX_INITIAL)) {
 		char *ext;
 		ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
 diff --git a/kex.h b/kex.h
 index 593de12..0f67f58 100644
 --- a/kex.h
 +++ b/kex.h
@@ -1,4 +1,4 @@
 -/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */
 +/* $OpenBSD: kex.h,v 1.92 2018/12/07 03:39:40 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -104,6 +104,7 @@ enum kex_exchange {
 };
 #define KEX_INIT_SENT	0x0001
 +#define KEX_INITIAL	0x0002
 struct sshenc {
 	char	*name;
 -- 
 1.8.3.1
--- a/upstream-typo-in-error-message-caught-by-Debian-lint.patch
+++ b/upstream-typo-in-error-message-caught-by-Debian-lint.patch
@ -1,35 +0,0 @@
 From 960e7c672dc106f3b759c081de3edb4d1138b36e Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 9 Nov 2018 02:57:58 +0000
 Subject: [PATCH 107/294] upstream: typo in error message; caught by Debian
 lintian, via
 Colin Watson
 OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
 ---
 ssh-agent.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/ssh-agent.c b/ssh-agent.c
 index d8a8260..cb55246 100644
 --- a/ssh-agent.c
 +++ b/ssh-agent.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: ssh-agent.c,v 1.231 2018/05/11 03:38:51 djm Exp $ */
 +/* $OpenBSD: ssh-agent.c,v 1.232 2018/11/09 02:57:58 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1199,7 +1199,7 @@ main(int ac, char **av)
 	 */
 #define SSH_AGENT_MIN_FDS (3+1+1+1+4)
 	if (rlim.rlim_cur < SSH_AGENT_MIN_FDS)
 -		fatal("%s: file descriptior rlimit %lld too low (minimum %u)",
 +		fatal("%s: file descriptor rlimit %lld too low (minimum %u)",
 		    __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS);
 	maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS;
 -- 
 1.8.3.1
--- a/upstream-typo-in-plain-RSA-algorithm-counterpart-nam.patch
+++ b/upstream-typo-in-plain-RSA-algorithm-counterpart-nam.patch
@ -1,32 +0,0 @@
 From ebfafd9c7a5b2a7fb515ee95dbe0e44e11d0a663 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Thu, 11 Oct 2018 00:52:46 +0000
 Subject: [PATCH 069/294] upstream: typo in plain RSA algorithm counterpart
 names for
 certificates; spotted by Adam Eijdenberg; ok dtucker@
 OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
 ---
 sshkey.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/sshkey.c b/sshkey.c
 index ed57d30..5807627 100644
 --- a/sshkey.c
 +++ b/sshkey.c
@@ -118,9 +118,9 @@ static const struct keytype keytypes[] = {
 	{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL,
 	    KEY_RSA_CERT, 0, 1, 0 },
 	{ "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT",
 -	    "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },
 +	    "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },
 	{ "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT",
 -	    "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },
 +	    "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },
 	{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL,
 	    KEY_DSA_CERT, 0, 1, 0 },
 	{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL,
 -- 
 1.8.3.1